Data object store and server for a cloud storage environment, including data deduplication and data management across multiple cloud storage sites

ABSTRACT

Systems and methods are disclosed for performing data storage operations, including content-indexing, containerized deduplication, and policy-driven storage, within a cloud environment. The systems support a variety of clients and cloud storage sites that may connect to the system in a cloud environment that requires data transfer over wide area networks, such as the Internet, which may have appreciable latency and/or packet loss, using various network protocols, including HTTP and FTP. Methods are disclosed for content indexing data stored within a cloud environment to facilitate later searching, including collaborative searching. Methods are also disclosed for performing containerized deduplication to reduce the strain on a system namespace, effectuate cost savings, etc. Methods are disclosed for identifying suitable storage locations, including suitable cloud storage sites, for data files subject to a storage policy. Further, systems and methods for providing a cloud gateway and a scalable data object store within a cloud environment are disclosed, along with other features.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of the assignee's pending U.S.Patent Application Nos. 61/299,313, filed Jan. 28, 2010, entitledPERFORMING DATA STORAGE OPERATIONS, INCLUDING CONTENT-INDEXING,CONTAINERIZED DEDUPLICATION, AND POLICY-DRIVEN STORAGE WITHIN A CLOUDENVIRONMENT; 61/221,993, filed Jun. 30, 2009, entitled SYSTEMS ANDMETHODS FOR PERFORMING DATA STORAGE OPERATIONS, INCLUDING CROSS-CLOUDSTORAGE, OVER VARIOUS NETWORK PROTOCOLS; and 61/223,695, filed Jul. 7,2009, entitled SYSTEMS AND METHODS FOR PERFORMING DATA STORAGEOPERATIONS, INCLUDING CROSS-CLOUD STORAGE, OVER VARIOUS NETWORKPROTOCOLS, all of which are incorporated herein by reference.

BACKGROUND

Current storage management systems employ a number of different methodsto perform storage operations on electronic data. For example, data canbe stored in primary storage as a primary copy that includes productiondata, or in secondary storage as various types of secondary copiesincluding, as a backup copy, a snapshot copy, a hierarchical storagemanagement copy (“HSM”), as an archive copy, and as other types ofcopies.

A primary copy of data is generally a production copy or other “live”version of the data which is used by a software application and isgenerally in the native format of that application. Primary copy datamay be maintained in a local memory or other high-speed storage devicethat allows for relatively fast data access if necessary. Such primarycopy data is typically intended for short term retention (e.g., severalhours or days) before some or all of the data is stored as one or moresecondary copies, for example to prevent loss of data in the event aproblem occurred with the data stored in primary storage.

Secondary copies include point-in-time data and are typically forintended for long-term retention (e.g., weeks, months or years dependingon retention criteria, for example as specified in a storage policy asfurther described herein) before some or all of the data is moved toother storage or discarded. Secondary copies may be indexed so users canbrowse, search and restore the data at another point in time. Aftercertain primary copy data is backed up, a pointer or other locationindicia such as a stub may be placed in the primary copy to indicate thecurrent location of that data. Further details may be found in theassignee's U.S. Pat. No. 7,107,298, filed Sep. 30, 2002, entitled SYSTEMAND METHOD FOR ARCHIVING OBJECTS IN AN INFORMATION STORE.

One type of secondary copy is a backup copy. A backup copy is generallya point-in-time copy of the primary copy data stored in a backup formatas opposed to in native application format. For example, a backup copymay be stored in a backup format that is optimized for compression andefficient long-term storage. Backup copies generally have relativelylong retention periods and may be stored on media with slower retrievaltimes than other types of secondary copies and media. In some cases,backup copies may be stored at on offsite location.

Another form of secondary copy is a snapshot copy. From an end-userviewpoint, a snapshot may be thought as an instant image of the primarycopy data at a given point in time. A snapshot may capture the directorystructure of a primary copy volume at a particular moment in time, andmay also preserve file attributes and contents. In some embodiments, asnapshot may exist as a virtual file system, parallel to the actual filesystem. Users may gain a read-only access to the record of files anddirectories of the snapshot. By electing to restore primary copy datafrom a snapshot taken at a given point in time, users may also returnthe current file system to the prior state of the file system thatexisted when the snapshot was taken.

A snapshot may be created nearly instantly, using a minimum of filespace, but may still function as a conventional file system backup. Asnapshot may not actually create another physical copy of all the data,but may simply create pointers that are able to map files anddirectories to specific disk blocks.

In some embodiments, once a snapshot has been taken, subsequent changesto the file system typically do not overwrite the blocks in use at thetime of snapshot. Therefore, the initial snapshot may use only a smallamount of disk space to record a mapping or other data structurerepresenting or otherwise tracking the blocks that correspond to thecurrent state of the file system. Additional disk space is usually onlyrequired when files and directories are actually modified later.Furthermore, when files are modified, typically only the pointers whichmap to blocks are copied, not the blocks themselves. In someembodiments, for example in the case of copy-on-write snapshots, when ablock changes in primary storage, the block is copied to secondarystorage before the block is overwritten in primary storage and thesnapshot mapping of file system data is updated to reflect the changedblock(s) at that particular point in time.

An HSM copy is generally a copy of the primary copy data, but typicallyincludes only a subset of the primary copy data that meets a certaincriteria and is usually stored in a format other than the nativeapplication format. For example, an HSM copy might include only thatdata from the primary copy that is larger than a given size threshold orolder than a given age threshold and that is stored in a backup format.Often, HSM data is removed from the primary copy, and a stub is storedin the primary copy to indicate its new location. When a user requestsaccess to the HSM data that has been removed or migrated, systems usethe stub to locate the data and often make recovery of the data appeartransparent even though the HSM data may be stored at a locationdifferent from the remaining primary copy data.

An archive copy is generally similar to an HSM copy, however, the datasatisfying criteria for removal from the primary copy is generallycompletely removed with no stub left in the primary copy to indicate thenew location (i.e., where it has been moved to). Archive copies of dataare generally stored in a backup format or other non-native applicationformat. In addition, archive copies are generally retained for very longperiods of time (e.g., years) and in some cases are never deleted. Sucharchive copies may be made and kept for extended periods in order tomeet compliance regulations or for other permanent storage applications.

In some embodiments of storage management systems, application data overits lifetime moves from more expensive quick access storage to lessexpensive slower access storage. This process of moving data throughthese various tiers of storage is sometimes referred to as informationlifecycle management (“ILM”). This is the process by which data is“aged” from more forms of secondary storage with faster access/restoretimes down through less expensive secondary storage with sloweraccess/restore times, for example, as the data becomes less important ormission critical over time.

In some embodiments, storage management systems may perform additionaloperations upon copies, including deduplication, content indexing, dataclassification, data mining or searching, electronic discovery(E-discovery) management, collaborative searching, encryption andcompression.

One example of a system that performs storage operations on electronicdata that produce such copies is the Simpana storage management systemby CommVault Systems of Oceanport, N.J. The Simpana system leverages amodular storage management architecture that may include, among otherthings, storage manager components, client or data agent components, andmedia agent components as further described in U.S. Pat. No. 7,246,207,filed Apr. 5, 2004, entitled SYSTEM AND METHOD FOR DYNAMICALLYPERFORMING STORAGE OPERATIONS IN A COMPUTER NETWORK. The Simpana systemalso may be hierarchically configured into backup cells to store andretrieve backup copies of electronic data as further described in U.S.Pat. No. 7,395,282, filed Jul. 15, 1999, entitled HIERARCHICAL BACKUPAND RETRIEVAL SYSTEM.

Components within conventional storage management systems oftencommunicate via one or more proprietary network protocols; this limitsthe devices that may connect to the system. Conventional systems mayutilize propriety or non-proprietary network protocols at any of theseven Open Systems Interconnection Reference Model (OSIRM) layers, andmay often utilize proprietary application-layer protocols. For example,if a client has primary data stored on it, and a storage managementsystem is utilized to create a secondary copy of this data on asecondary storage device, the client may communicate with the secondarystorage device by utilizing a proprietary application-level networkprotocol. In order to create a secondary copy on the secondary storagedevice in such a scenario, both the client and secondary storage devicemust have proprietary software and/or hardware installed or otherwise beconfigured to perform the proprietary network protocol. Thus, theability of a conventional storage management system is generally limitedto performing storage operations on those clients and secondary storagedevices having pre-installed hardware or software.

Although some conventional data storage systems may permit a client tocommunicate with the system via a non-proprietary network protocol suchas hypertext transfer protocol (HTTP) or file transfer protocol (FTP),generally such systems do not facilitate a wide range of value-addedstorage operations. For example, cloud storage sites typically provideonly storage of and access to data objects as a service provided to endusers. Generally, uploading, access and manipulation of data stored on acloud storage site is conducted via an HTTP, FTP or similar networkconnection. Cloud storage service providers include Amazon SimpleStorage Service, Rackspace, Windows Azure, and Iron Mountain, andNirvanix Storage Delivery Network. Cloud storage service providers oftenbill end users on a utility computing basis, e.g., per gigabyte stored,uploaded and/or downloaded per month. Conventional cloud storage sitesmay not permit the end user to perform value-added storage operationssuch as ILM, deduplication, content indexing, data classification, datamining or searching, E-discovery management, collaborative searching,encryption or compression.

The need exists for systems and methods that overcome the aboveproblems, as well as systems and methods that provide additionalbenefits. Overall, the examples herein of some prior or related systemsand methods and their associated limitations are intended to beillustrative and not exclusive. Other limitations of existing priorsystems and methods will become apparent to those of skill in the artupon reading the following Detailed Description.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an example of one arrangement of resources in acomputing network that may employ aspects of the invention.

FIG. 2 is a block diagram illustrating an example of a data storageenterprise system that may employ aspects of the invention.

FIG. 3A is a flow diagram illustrating a routine for writing data tocloud storage sites.

FIG. 3B, is a flow diagram illustrating a routine for migrating orcopying data into an archive format in secondary storage, includingsecondary cloud storage.

FIG. 4 is a block diagram illustrating an example of a deduplicationmodule.

FIGS. 5A-5D illustrate various data structures for deduplicating andstoring copies or instances of data objects on a storage device or forother processes.

FIG. 6 is a flow diagram illustrating a process for pruning adeduplication database by pruning or deleting data objects stored inarchive files, or entire archive files.

FIGS. 7A-7C illustrate various data structures which aspects of theinvention may utilize for pruning object-level deduplicated data or forother processes.

FIG. 8 illustrates various data structures which aspects of theinvention may utilize for deduplicating and storing copies or instancesof data blocks on a storage device or for other processes.

FIG. 9 is a flow diagram illustrating a process for pruning adeduplication database by pruning or deleting data blocks stored inarchive files, or entire archive files.

FIG. 10 is a flow diagram that illustrates the processing of a contentindexing component.

FIG. 11 illustrates suitable data structures for facilitating contentindexing.

FIG. 12 is a flow diagram illustrating a process for restoring orretrieving data from chunk folders in an archive file format onsecondary storage.

FIGS. 13A and 13B illustrate example data structures that the system maymaintain to facilitate the restoration or retrieval of data from chunkfolders in an archive file format on secondary storage.

FIG. 14 is a flow diagram illustrating the processing of a searchrequest by the system.

FIG. 15 illustrates another example of an arrangement of resources in acomputing network that may employ aspects of the invention.

FIG. 16 is a block diagram illustrating a suitable environment forutilizing a networked data storage device.

FIG. 17 shows a block diagram illustrating components of thenetwork-attached storage (NAS) filer component of a cloud gatewayconfigured to perform data migration.

FIG. 18 depicts a flow diagram illustrating a routine for performingblock-level data migration in a cloud gateway.

FIG. 19 is a flow diagram illustrating a routine for performingsub-object-level data migration in a cloud gateway.

FIG. 20 shows a flow diagram illustrating a routine for block-based orsub-object-based data restoration and modification in a cloud gateway.

FIG. 21 illustrates another example of an arrangement of resources in acomputing network that may employ aspects of the invention to providedata storage software as a service.

FIG. 22 is a block diagram illustrating components of an object store.

FIG. 23 shows a flow diagram illustrating a first process that may beperformed by an object store to process a request to store a dataobject.

FIGS. 24A and 24B together show a flow diagram illustrating a secondprocess that may be performed by an object store to process a request tostore a data object.

FIG. 25 is a block diagram illustrating an example architecture forintegrating a collaborative search system with a collaborative documentmanagement system.

FIG. 26 is a schematic diagram illustrating integration of parsers witha typical collaborative document management system.

FIG. 27 is a flow diagram of a process for identifying suitable storagelocations for various data objects subject to a storage policy.

FIG. 28 is a flow diagram of a process for scheduling cloud storagerequests.

FIG. 29 illustrates a process for encrypting files stored within a cloudstorage site.

DETAILED DESCRIPTION

The headings provided herein are for convenience only and do notnecessarily affect the scope or meaning of the claimed invention.

Overview 11 Suitable Environments 13 Storage Operation Cell 15 NetworkAgents 33 Network Client Agents 34 Media File System Agent 34 CloudStorage Submodules: Vendor-Agnostic File System Calls, 35 Buffering ofStorage Requests, and Logging Cloud Storage Performance Migrating orCopying Data to Secondary Storage, Including 41 Secondary Cloud StorageDeduplication 43 Object-Level Deduplication 44 Data Structures forObject-Level Deduplication 46 Pruning Object-Level Deduplicated Data 54Sub-Object-Level Deduplication 58 Block-Level Deduplication 60 DataStructures for Block-Level Deduplication 63 Deduplication Databases toEnable Containerized 67 Deduplication to Cloud-Based Storage PruningBlock-Level Deduplicated Data 69 Containerizing Deduplicated Data forStorage in the Cloud 73 Indexing of Data 75 Policy-Driven Storage ofData Across Cloud Storage Sites 77 Restoring Dehydrated Data Objectsfrom Cloud Storage Sites 78 Local Searching of Data Stored on RemoteCloud Storage Sites 81 Collaborative Searching 82 Cloud Gateway 87 CloudGateway Architecture 88 Cloud Gateway for Cloud Storage Sites andDeduplication 91 and Policy-Driven Data Migration Data Recovery in CloudStorage Sites via Cloud Gateway 98 Device System Configurations toProvide Data Storage and Management 100 Software as a Service ObjectStore 102 Object Store Methods 113 Process for Cost-Balancing CloudStorage 124 Process for Scheduling Cloud Storage Requests 130 Processfor Encrypting Files within Cloud Storage 134 Protecting Remote Officeand Branch Office (ROBO) Data 136 Conclusion 138 147

Overview

With the massive volume of files being hosted in cloud environments,traditional file system based approaches are failing to scale. As muchas 90% of new data created is unstructured and/or file based. As suchdata makes its way into the cloud, the need for systems that can scaleto several million files and possibly petabytes of capacity becomesnecessary. Traditional file systems and filers have their strengths, andhigh-performance file sharing needs still exist within data centers, soexisting filers and file systems fulfill that need. Cloud storage, onthe other hand, with associated network latencies is not always a goodfit for certain use cases. But cloud storage excels with Internetapplications where the generation of content can be viral and where itcan be virtually impossible to predict capacity or access needs. Cloudstorage is also ideal in the case of Web 2.0 applications which promotecollaboration between hundreds and thousands of user sharing the samefiles or objects.

While file systems have been a successful way of allowing people tostore their data in an intuitive form that is easy to visualize, theyhave complexities which get exposed when the number of objects they needto manage reach massive proportions. File systems are typically built onblock storage devices and all files are eventually broken down intoblocks that need to be placed on the storage system. The file system hasto maintain a “table of contents” (e.g. a FAT), which tracks not onlywhat files it is holding, but which blocks on the storage comprise thatfile. On a system with a massive number of files, each with a largenumber of blocks, the numbers get large enough that traditional filesystems start to slow down or even crash. What's typically done whenthis happens is that a new file system or filer is added. But the newfile system provides a completely different namespace than the originaland all users of the file system (humans and applications) need to beaware of this change and know which namespace they need to look in tofind their files.

Systems and methods are disclosed herein for performing data storageoperations, including content indexing, containerized deduplication, andpolicy-driven storage, within a cloud environment. The systems support avariety of clients and storage devices that connect to the system in acloud environment, which permits data transfer over wide area networks,such as the Internet, and which may have appreciable latency and/orpacket loss. The system allows available storage devices to includecloud storage sites. Methods are disclosed for content indexing datastored within a cloud environment to facilitate later searching,including collaborative searching. Methods are also disclosed forperforming containerized deduplication to reduce the strain on a systemnamespace and effectuate cost savings. Methods are disclosed foridentifying suitable storage locations, including suitable cloud storagesites, for data files subject to a storage policy. Further, systems andmethods for providing a cloud gateway and a scalable data object storewithin a cloud environment are disclosed.

Various examples of the invention will now be described. The followingdescription provides specific details for a thorough understanding andenabling description of these examples. One skilled in the relevant artwill understand, however, that the invention may be practiced withoutmany of these details. Likewise, one skilled in the relevant art willalso understand that the invention may include many other obviousfeatures not described in detail herein. Additionally, some well-knownstructures or functions may not be shown or described in detail below,so as to avoid unnecessarily obscuring the relevant description.

The terminology used below is to be interpreted in its broadestreasonable manner, even though it is being used in conjunction with adetailed description of certain specific examples of the invention.Indeed, certain terms may even be emphasized below; however, anyterminology intended to be interpreted in any restricted manner will beovertly and specifically defined as such in this Detailed Descriptionsection.

Unless described otherwise below, aspects of the invention may bepracticed with conventional data processing and data storage systems.Thus, the construction and operation of the various blocks shown in theFigures may be of conventional design, and need not be described infurther detail herein to make and use aspects of the invention, becausesuch blocks will be understood by those skilled in the relevant art. Oneskilled in the relevant art can readily make any modifications necessaryto the blocks in the Figures based on the detailed description providedherein.

Suitable Environments

The Figures and the discussion herein provide a brief, generaldescription of certain suitable computing environments in which aspectsof the invention can be implemented. Although not required, aspects ofthe invention are described in the general context ofcomputer-executable instructions, such as routines executed by ageneral-purpose computer, e.g., a server computer, wireless device, orpersonal computer. Those skilled in the relevant art will appreciatethat aspects of the invention can be practiced with othercommunications, data processing, or computer system configurations,including: Internet appliances, hand-held devices (including personaldigital assistants (PDAs), wearable computers, all manner of cellular ormobile phones, multi-processor systems, microprocessor-based orprogrammable consumer electronics, set-top boxes, network PCs,mini-computers, mainframe computers, and the like. The terms “computer,”“server,” “and the like are generally used interchangeably herein, andrefer to any of the above devices and systems, as well as any dataprocessor. Aspects of the invention can be practiced in software thatcontrols or operates data storage hardware that is specifically designedfor use in data storage networks, e.g., as described in detail herein.

While aspects of the invention, such as certain functions, are describedas being performed exclusively on a single device, the invention canalso be practiced in distributed environments where functions or modulesare shared among disparate processing devices, which are linked througha communications network, such as a Local Area Network (LAN), Wide AreaNetwork (WAN), and/or the Internet. In a distributed computingenvironment, program modules may be located in both local and remotememory storage devices.

Aspects of the invention including computer implemented instructions,data structures, screen displays, and other data may be stored ordistributed on tangible computer-readable storage media, includingmagnetically or optically readable computer discs, hard-wired orpreprogrammed chips (e.g., EEPROM semiconductor chips), nanotechnologymemory, biological memory, or other data storage media. Alternatively,computer implemented instructions, data structures, screen displays, andother data under aspects of the invention may be distributed viacommunication medium, such as over the Internet or over other networks(including wireless networks), on a propagated signal on a propagationmedium (e.g., an electromagnetic wave(s), a sound wave, etc.) over aperiod of time, or they may be provided on any analog or digital network(packet switched, circuit switched, or other scheme).

FIG. 1 illustrates an example of one arrangement of resources in acomputing network that may employ the processes and techniques describedherein, although many others are of course possible. Clients 130, aspart of their function, may utilize data, which includes files,directories, metadata (e.g., access control list (ACLS) creation/editdates associated with the data, etc.), and other data objects. The dataon the clients 130 is typically a primary copy (e.g., a productioncopy). During a copy, backup, archive or other storage operation, theclients 130 may send a copy of some data objects (or some componentsthereof) to a secondary storage computing device 165 by utilizing one ormore data agents 195, described below.

The secondary storage computing device 165 may in turn create secondarycopies of primary data objects (or some components thereof) in storagedevices 115, which may include various cloud storage sites 115A-N.Communications between the secondary storage computing devices 165 andcloud storage sites 115A-N may utilize REST protocols (Representationalstate transfer interfaces) that satisfy basic C/R/U/D semantics(Create/Read/Update/Delete semantics), or other hypertext transferprotocol (“HTTP”)-based or file-transfer protocol (“FTP”)-basedprotocols (e.g. Simple Object Access Protocol).

In conjunction with creating secondary copies in cloud storage sites115A-N, the secondary storage computing device 165 may also performlocal content indexing and/or local object-level, sub-object-level orblock-level deduplication when performing storage operations involvingvarious cloud storage sites 115A-N. By providing content indexing andlocal searching, the system may reduce the time and cost associated withdata access or data search requests sent to remote cloud storage sites.By deduplicating locally, the system may reduce the amount of datatransfer required over a wide area network between the secondary storagecomputing devices 165 and the cloud storage sites 115A-N, and may reducethe cost associated with data uploads to and data storage on cloudstorage sites. Further details are provided below.

Storage Operation Cell

FIG. 2 illustrates an example of one arrangement of a storage operationcell 150 in a computing network that may employ the processes andtechniques described herein, although many others are of coursepossible. FIG. 2 shows a hierarchical arrangement of resources, whichincludes a storage operation cell 150 having a storage manager 105, oneor more data agents 195, one or more network client agents 255, one ormore secondary storage computing devices 165, one or more media filesystem agents 240, one or more storage devices 115, one or more clients130, and one or more data or information stores 260. The cell 150 alsoincludes a management index 211, a management light index 245, a jobsagent 220, an interface agent 225, a management agent 233, one or morenetwork agents 235, one or more metabases 270, one or more secondarystorage indices 261, one or more deduplication modules 299, one or morecontent indexing components 205, one or more deduplication databases297, and one or more secondary storage light indices 247. Such systemand elements represent a modular storage system such as the CommVaultSimpana system, available from CommVault Systems, Inc. of Oceanport,N.J., and further described in the assignee's U.S. Pat. No. 7,035,880,filed Jul. 6, 2000, entitled MODULAR BACKUP AND RETRIEVAL SYSTEM USED INCONJUNCTION WITH A STORAGE AREA NETWORK. Although not illustrated inFIG. 1, in some implementations, one or more of the secondary storagecomputing devices 165 (and/or deduplication databases, secondary storageindices, secondary storage light indices, and/or other systemcomponents) may reside on one or more cloud storage site 115A-N. Forexample, in such implementations, a secondary storage computing devicemay utilize computational resources (e.g., computational processingcapacity) provided by a vendor that operates a cloud storage site 115A-Nto perform its functionality.

A storage operation cell, such as cell 150, may generally includecombinations of hardware and software components associated withperforming storage operations on electronic data. (While aspects of theinvention are described as employing the hierarchical architecture withcells, those aspects may likewise be employed in other architectureswithout cells, such as a simple client-server or peer-to-peerconfiguration.) Storage operation cells 150 may be related to backupcells and provide some or all of the functionality of backup cells asdescribed in the assignee's U.S. Pat. No. 7,395,282 filed Jul. 15, 1999,entitled HIERARCHICAL BACKUP AND RETRIEVAL SYSTEM. However, storageoperation cells may also perform additional types of storage operationsand other types of storage management functions that are not generallyoffered by backup cells.

Additional data storage operations performed by storage operation cells150 may include creating, storing, retrieving, and migrating primarystorage data (e.g., data store 260) and secondary storage data (whichmay include, for example, snapshot copies, backup copies, HierarchicalStorage Management (HSM) copies, archive copies, and other types ofcopies of electronic data) stored on storage devices 115. In someembodiments, storage operation cells may perform additional storageoperations upon copies, including ILM, deduplication, content indexing,data classification, data mining or searching, electronic discovery(E-discovery) management, collaborative searching, encryption andcompression. Alternatively or additionally, a storage operation cell maymake or retain disaster recovery copies, often as secondary,high-availability disk copies. Such cell may make secondary disk copiesto disaster recovery (DR) locations using auxiliary copy or replicationtechnologies. Storage operation cells 150 may also provide one or moreintegrated management consoles for users or system processes tointerface with in order to perform certain storage operations onelectronic data. Such integrated management consoles may be displayed ata central control facility or several similar consoles may bedistributed throughout multiple network locations to provide global orgeographically specific network data storage information.

In one example, storage operations may be performed according to variousstorage preferences, for example, as expressed by a user preference or astorage policy. A “storage policy” is generally a data structure orother information source that includes a set of preferences and otherstorage criteria associated with performing a storage operation. Thepreferences and storage criteria may include, but are not limited to, astorage location (or a class or quality of storage location),deduplication requirements, relationships between system components,network pathways to utilize in a storage operation, retention policies,data characteristics, compression or encryption requirements, preferredsystem components to utilize in a storage operation, the estimated orhistoric usage or cost associated with operating system components,frequency or use/access/etc. various time-related factors,single-instancing and/or deduplication information, and other criteriarelating to a data storage or management operation. For example, astorage policy may indicate that certain data is to be stored in thestorage device 115, retained for a specified period of time before beingaged to another tier of secondary storage, copied to the storage device115 using a specified number of data streams, etc. As one example, astorage policy may specify that certain data should be stored in one ormore target cloud storage sites 115A-N, as described herein.

As another example, a storage policy may specify that a first type offiles should be retained for one year in a first target cloud storagesite 115A, that a second type of files should be retained for sevenyears in a second cloud storage site 1158, and that a third type offiles should be retained indefinitely in a third cloud storage site115N. As yet another example, a storage policy may specify that a firsttype of files (e.g., secondary disk copies needed for rapid disasterrecovery) be stored only in storage sites 115, including cloud storagesites 115A-N, that can provide sufficient bandwidth, network capacity orother performance to ensure that the time needed to recover a file fromthe storage device 115 (e.g., cloud storage site 115A-N) is less aspecified recovery time objective.

As another example, a storage policy relating to cloud storage sites115A-N may specify that a cloud storage site should be chosen, at leastin part, based on the geographical (or network) proximity between a datasource (e.g., client 130 and/or secondary storage computing device 165)and the cloud storage site in order to improve data transfers.

As another example, a storage policy relating to cloud storage sites115A-N may specify that a first type of files be stored only on cloudstorage sites that have a sufficient level of fault tolerance. Forexample, a storage policy may specify that a first type of files bestored only on cloud storage sites 115A-N that replicate copies of theirdata across two or more geographically separate regions or across two ormore separate power grids. As yet another example, a storage policy mayspecify that a first type of files be stored only on cloud storage sites115A-N that satisfy other consumer criteria. For example, a storagepolicy may specify that a first type of files be stored only on cloudstorage sites 115A-N that are certified as being “environmentallygreen,” that align with particular political or social agendas, that door do not have operations in certain countries (e.g., sites that do haveoperations in developing nations and/or do not have operations inembargoed countries), or that satisfy some other consumer criteria.

A storage policy might define different classes of storage that shouldbe utilized for different types of data. For example, a storage policymay define “first-class storage” as rapid access media, such as storagedevices having magnetic disk (or faster access) storage media, a highbandwidth network connection to the cloud storage site, and a cloudstorage site that satisfies certain performance criteria (e.g., has highbandwidth for faster uploads and/or downloads and/or utilizes RAID orsimilar methods that improve the fault-tolerance of the site).“Second-class storage” may be defined under a storage policy as a secondcloud storage site having magnetic tape (or slower access) data storage,lower bandwidth connections and/or less fault tolerance. As anotherexample, a storage policy may define storage classes based on the actualperformance achieved by cloud storage sites or other storage devices115. For example, a storage policy may define first-class storage ascloud storage sites that actually achieve a threshold averagethroughput, data recovery rate, and/or specified error rate.

To facilitate the selection of cloud storage sites on the basis ofactual performance, a storage manager 105, secondary storage computingdevices 165 and/or other system components may track, log and/or analyzethe performance achieved by cloud storage sites. Thus, a client computeror organization may contract with a cloud storage provider for a definedlevel of service, where the level of service relates to a storage policyas defined herein (e.g. aggregated data storage volumes, faulttolerance, data recovery rates, threshold latency and/or bandwidth,etc., defined under a service level agreement (SLA).) The clientcomputer may then periodically perform tests or monitor performance ofthe cloud storage provider as compared to the defined level of serviceto ensure the appropriate level of service.

In some implementations, a storage policy may comprise an audit policy.An audit policy is a set of preferences, rules and/or criteria thatprotect sensitive data in the storage operation cell 150. For example,an audit policy may define “sensitive objects” as files or objects thatcontain particular keywords (e.g. “confidential,” or “privileged”)and/or are associated with particular keywords (e.g., in metadata) orparticular flags (e.g., in metadata identifying a document or email aspersonal, confidential, etc.). An audit policy may further specify rulesfor handling sensitive objects. As an example, an audit policy mayrequire that a reviewer approve the transfer of any sensitive objects toa cloud storage site 115A-N, and that if approval is denied for aparticular sensitive object, the sensitive object should be transferredto a local storage device 115 instead. To facilitate this approval, theaudit policy may further specify how a secondary storage computingdevice 165 or other system component should notify a reviewer that asensitive object is slated for transfer.

In some implementations, a storage policy may comprise a provisioningpolicy. A provisioning policy is a set of preferences, priorities, rulesand/or criteria that specify how various clients 130 (or groups ofclients 130, e.g., a group of clients 130 associated with a department)may utilize various system resources, including resources such asavailable storage on cloud storage sites 115A-N and/or the networkbandwidth between the storage operation cell 150 and cloud storage sites115A-N. A provisioning policy may specify, for example, data quotas forparticular clients 130 (e.g. a gigabyte amount of data that can bestored monthly, quarterly or annually). Components of the storageoperation cell 150, such as the secondary storage computing devices 165,may enforce the provisioning policy (including quotas) during thetransfer of data to secondary storage (e.g., during the process 300,shown in FIG. 3B). If a client (typically associated with a departmentwithin an organization) exceeds the policy, then a budget for thatclient/department may be charged for excess storage or resourceallocation.

In some implementations, a storage policy may comprise a cost policy. Acost policy is a set of preferences, priorities, rules and/or criteriathat specify how to identify suitable storage locations, includingsuitable cloud storage locations. For example, a cost policy maydescribe the method of evaluating a cost function, as described ingreater detail herein with respect to FIG. 27. Here again, if a clientexceeds the policy, then a budget for that client/department may becharged for excess storage or resource allocation.

A storage policy may be stored in a database of the storage manager 105,such as management index 211, or in other locations or components of thesystem. As will be described in detail herein, the system may utilize astorage policy when identifying suitable storage locations for variousdata objects subject to the storage policy.

Additionally or alternatively, a “schedule policy” may specify when andhow often to perform storage operations and may also specify performingcertain storage operations on sub-clients of data and how to treat thosesub-clients. A “sub-client” is a portion of one or more clients 130 andcan contain either all of the client's 130 data or a designated subsetthereof. For example, an administrator may find it preferable toseparate email data from financial data using two different sub-clientshaving different storage preferences, retention criteria, etc. Aschedule policy may be stored in the management index 211 of the storagemanager 105 and/or in other locations within the system.

Storage operation cells may contain not only physical devices, but alsomay represent logical concepts, organizations, and hierarchies. Forexample, a first storage operation cell 150 may be configured to performa first type of storage operation such as an HSM operation, which mayinclude backup or other types of data migration, and may include avariety of physical components including a storage manager 105 (ormanagement agent 233), a secondary storage computing device 165, aclient 130, and other components as described herein. A second storageoperation cell 150 may contain the same or similar physical components;however, it may be configured to perform a second type of storageoperation, such as a storage resource management (“SRM”) operation, andmay include monitoring a primary data copy or performing other known SRMoperations.

Thus, as can be seen from the above, although the first and secondstorage operation cells 150 are logically distinct entities configuredto perform different management functions (e.g., HSM and SRM,respectively), each storage operation cell 150 may contain the same orsimilar physical devices. Alternatively, different storage operationcells 150 may contain some of the same physical devices and not others.For example, a storage operation cell 150 configured to perform SRMtasks may contain a secondary storage computing device 165, client 130,or other network device connected to a primary storage volume, while astorage operation cell 150 configured to perform HSM tasks may insteadinclude a secondary storage computing device 165, client 130, or othernetwork device connected to a secondary storage volume and may notcontain the elements or components associated with and including theprimary storage volume. (The term “connected” as used herein does notnecessarily require a physical connection; rather, it could refer to twodevices that are operably coupled to each other, communicably coupled toeach other, in communication with each other, or more generally, referto the capability of two devices to communicate with each other, oftenwith intervening components in between.) These two storage operationcells 150, however, may each include a different storage manager 105that coordinates storage operations via the same secondary storagecomputing devices 165 and storage devices 115. This “overlapping”configuration allows storage resources to be accessed by more than onestorage manager 105, such that multiple paths exist to each storagedevice 115 facilitating failover, load balancing, and promoting robustdata access via alternative routes.

Alternatively or additionally, the same storage manager 105 may controltwo or more storage operation cells 150 (whether or not each storageoperation cell 150 has its own dedicated storage manager 105). Moreover,in certain embodiments, the extent or type of overlap may beuser-defined (through a control console) or may be automaticallyconfigured to optimize data storage and/or retrieval.

The clients 130, as part of their function, may utilize data, whichincludes files, directories, metadata, and other data objects. The dataon the clients 130 is typically a primary copy (e.g., a productioncopy). During a copy, backup, archive or other storage operation, theclients 130 may send a copy of some data objects to a secondary storagecomputing device 165 by utilizing one or more data agents 195.

The data agent 195 may be a software module or part of a software modulethat is generally responsible for storage operations, such as copying,archiving, migrating, and recovering data from client 130 stored in datastore 260 or other memory location. Each client 130 may have at leastone data agent 195, and the system can support multiple clients 130.Data agent 195 may be distributed between client 130 and storage manager105 (and any other intermediate components), or it may be deployed froma remote location or its functions approximated by a remote process thatperforms some or all of the functions of data agent 195.

The overall system may employ multiple data agents 195, each of whichmay back up, migrate, archive, and recover data associated with adifferent application. For example, different individual data agents 195may be designed to handle Microsoft Exchange data, Lotus Notes data,Microsoft Windows 2000 file system data, Microsoft Active DirectoryObjects data and other types of data known in the art. Other embodimentsmay employ one or more generic data agents 195 that can handle andprocess multiple data types rather than using the specialized dataagents described above.

If a client 130 has two or more types of data, one data agent 195 may berequired for each data type to copy, archive, migrate, and restore thedata of the client 130. Alternatively, the overall system may use one ormore generic data agents 195, each of which may be capable of handlingtwo or more data types. For example, one generic data agent 195 may beused to back up, migrate, and restore Microsoft Exchange 2000 Mailboxdata and Microsoft Exchange 2000 Database data while another genericdata agent 195 may handle Microsoft Exchange 2000 Public Folder data andMicrosoft Windows 2000 File System data, etc.

The data agents 195 may be responsible for arranging or packing data tobe copied, transferred, or migrated into a certain format such as anarchive file format. Nonetheless, it will be understood that thisrepresents only one example, and any suitable packing orcontainerization technique or transfer methodology may be used ifdesired. Such an archive file may include a metadata list of files ordata objects copied in metadata, the file, and data objects themselves.Moreover, any data moved by the data agents may be tracked within thesystem by updating indexes associated with appropriate storage managers105 or secondary storage computing devices 165. As used herein, a fileor a data object refers to any collection or grouping of bytes of datathat can be viewed as one or more logical units.

The network client agent 255 may be a software module, part of asoftware module, and/or may comprise hardware that generally providesthe client 130 with the ability to communicate with other componentswithin the system, such as storage manager 105, other clients 130, andsecondary storage computing devices 165. Network client agent 255 maypermit communication via one or more proprietary and/or non-proprietarynetwork protocols, notably to cloud-based storage, as described herein.

Generally speaking, the storage manager 105 may be a software module orother application that coordinates and controls storage operationsperformed by storage operation cell 150. Storage manager 105 maycommunicate with some or all elements of storage operation cell 150including clients 130, data agents 195, secondary storage computingdevices 165, and storage devices 115 to initiate and manage systembackups, migrations, data recovery, and other storage operations.

Storage manager 105 may include a jobs agent 220 that monitors thestatus of some or all storage operations previously performed, currentlybeing performed, or scheduled to be performed by storage operation cell150, including storage jobs sent to cloud-based storage. Jobs agent 220may be communicatively coupled to interface agent 225 (e.g., a softwaremodule or application). Interface agent 225 may include informationprocessing and display software, such as a graphical user interface(“GUI”), an application programming interface (“API”), or otherinteractive interface through which users and system processes canretrieve information about the status of storage operations. Throughinterface agent 225, users may optionally issue instructions to variousstorage operation cells 150 regarding the performance of the storageoperations as described and contemplated herein. For example, a user maymodify a schedule concerning the number of pending snapshot copies orother types of copies scheduled as needed to suit particularrequirements. As another example, a user may employ the GUI to view thestatus of pending storage operations in some or all of the storageoperation cells 150 in a given network or to monitor the status ofcertain components in a particular storage operation cell 150 (e.g., theamount of storage capacity left in a particular storage device 115). Insome embodiments, users or other system processes may retrieveinformation or issue commands by employing API commands sent to theinterface agent via the network agent 235.

The storage manager 105 may also include a management agent 233 that istypically implemented as a software module or application program. Ingeneral, management agent 233 provides an interface that allows variousmanagement agents 233 in other storage operation cells 150 tocommunicate with one another. For example, assume a certain networkconfiguration includes multiple storage operation cells 150 adjacent toone another or otherwise logically related in a WAN or LANconfiguration. In this arrangement, each storage operation cell 150 maybe connected to the other through a respective interface agent 225. Thisallows each storage operation cell 150 to send and receive certainpertinent information from other storage operation cells 150, includingstatus information, routing information, information regarding capacityand utilization, etc. These communications paths may also be used toconvey information and instructions regarding storage operations. Thestorage operation cells 150 can be organized hierarchically such thathierarchically superior cells control or pass information tohierarchically subordinate cells or vice versa.

Storage manager 105 may also maintain a management index 211, database,or other data structure. The data stored in management index 211 may beused to indicate logical associations between components of the system,user preferences, management tasks, media containerization and datastorage information or other useful data. For example, the storagemanager 105 may use data from management index 211 to track the logicalassociations between secondary storage computing device 165 and storagedevices 115 (or the movement of data as containerized from primary tosecondary storage). In the case of cloud-based storage, the managementindex may indicate which cloud-based storage site(s) stores which dataset.

Storage manager 105 may also include a network agent 235 that istypically implemented as a software module or part of a software module.In general, network agent 235 provides the storage manager 105 with theability to communicate with other components within the system, such asclients 130, data agents 195, and secondary storage computing devices165. As with the network client agents 255, the network agents 235 maypermit communication via one or more proprietary and/or non-proprietarynetwork protocols. Network agent 235 may be communicatively coupled tomanagement light index 245, management index 211, jobs agent 220,management agent 233, and interface agent 225.

Generally speaking, the secondary storage computing device 165, whichmay include or be a media agent, may be implemented as a software modulethat conveys data, as directed by storage manager 105, between a client130 and one or more physical storage devices 115, such as a tapelibrary, a magnetic media storage device, an optical media storagedevice, a cloud storage site, or any other suitable storage device. Inone embodiment, secondary storage computing device 165 may becommunicatively coupled to and control a storage device 115. A secondarystorage computing device 165 may be considered to be associated with aparticular storage device 115 if that secondary storage computing device165 is capable of routing and storing data to that particular storagedevice 115.

In operation, a secondary storage computing device 165 associated with aparticular storage device 115 may instruct the storage device 115 to usea robotic arm or other retrieval means to load or eject a certainstorage media. Secondary storage computing device 165 may also instructthe storage device 115 to archive, migrate, restore, or copy data to orfrom the storage device 115 or its associated storage media. Secondarystorage computing device 165 may also instruct the storage device 115 todelete, sparsify, destroy, sanitize, or otherwise remove data from thestorage device 115 or its associated storage media. Secondary storagecomputing device 165 may communicate with a storage device 115 via anysuitable communications path, including SCSI, a Fibre Channelcommunications link, or a wired, wireless, or partially wired/wirelesscomputer network, including the Internet. In some embodiments, thestorage device 115 may be communicatively coupled to the storage manager105 via a storage area network (SAN).

A secondary storage computing device 165 may also include at least onemedia file system agent 240. Each media file system agent 240 may be asoftware module or part of a software module that is generallyresponsible for archiving, migrating, restoring, accessing, reading,writing, moving, deleting, sanitizing, or otherwise performing filesystem and data storage operations on various storage devices 115 ofdisparate types. For example, media file system agent 240 may beconfigured to permit secondary storage computing device 165 to open,read, write, close, and delete data on cloud storage sites or storagedevices 115 having optical, magnetic, or tape media.

A secondary storage computing device 165 may also include a networkagent 235 similar or identical to that described previously. Generally,network agent 235 provides the secondary storage computing device 165with the ability to communicate with other components within the system,such as other secondary storage computing devices 165, storage manager105, clients 130, data agents 195, and storage devices 115. Networkagent 235 generally provides communication via one or more proprietaryand/or non-proprietary network protocols.

A secondary storage computing device 165 may also include a contentindexing component 205 to perform content indexing of data inconjunction with the archival, restoration, migration, or copying ofdata, or at some other time. Content indexing of data is described ingreater detail herein. Each secondary storage computing device 165 maymaintain an index, a database, or other data structure (referred toherein as “secondary storage index” or “SS index” 261) that may storeindex data generated during backup, migration, restoration, and otherstorage operations for secondary storage (“SS”) as described herein,including creating a metabase (MB). For example, performing storageoperations on Microsoft Exchange data may generate index data. Suchindex data provides a secondary storage computing device 165 or otherexternal device with an efficient mechanism for locating data stored orbacked up. Thus, an SS index 261 and/or a management index 211 of astorage manager 105 may store data associating a client 130 with aparticular secondary storage computing device 165 or storage device 115,for example, as specified in a storage policy, while an SS index 261,metabase, database, or other data structure in secondary storagecomputing device 165 may indicate where specifically the data of theclient 130 is stored in storage device 115, what specific files werestored, and other information associated with storage of the data of theclient 130. In some embodiments, such index data may be stored alongwith the data backed up in a storage device 115, with an additional copyof the index data written to index cache in a secondary storage device165. Thus the data is readily available for use in storage operationsand other activities without having to be first retrieved from thestorage device 115.

Generally speaking, information stored in cache is typically informationthat reflects certain particulars about operations that have recentlyoccurred. After a certain period of time, this information is sent tosecondary storage and tracked. This information may need to be retrievedand uploaded back into a cache or other memory in a secondary computingdevice before data can be retrieved from storage device 115. In someembodiments, the cached information may include information regardingthe format or containerization of archives or other files stored onstorage device 115.

A secondary storage computing device 165 may also include adeduplication database 297 to perform deduplication of data inconjunction with the archival, restoration, migration, or copying ofdata, or at some other time. The secondary storage computing devices 165may also maintain one or more deduplication databases 297. Singleinstancing is one form of deduplication and generally refers to storingin secondary storage only a single instance of each data object (or eachdata sub-object or each data block) in a set of data (e.g., primarydata). More details as to single instancing may be found in one or moreof the following commonly assigned U.S. patent applications: 1) U.S.Pat. Pub. No. 2006-0224846 (entitled SYSTEM AND METHOD TO SUPPORT SINGLEINSTANCE STORAGE OPERATIONS); 2) U.S. Pat. Pub. No. 2009-0319585(entitled APPLICATION-AWARE AND REMOTE SINGLE INSTANCE DATA MANAGEMENT);3) U.S. Pat. Pub. No. 2009-0319534 (entitled APPLICATION-AWARE ANDREMOTE SINGLE INSTANCE DATA MANAGEMENT), 4) U.S. Pat. Pub. No.2008-0243879 (entitled SYSTEM AND METHOD FOR STORING REDUNDANTINFORMATION); and 5) U.S. Pub. App. No. 2008-0229037 (entitled SYSTEMSAND METHODS FOR CREATING COPIES OF DATA, SUCH AS ARCHIVE COPIES).

Another form of deduplication is variable instancing, which generallyrefers to storing in secondary storage one or more instances, but fewerthan the total number of instances, of each data block (or data objector data sub-object) in a set of data (e.g., primary data). More detailsas to variable instancing may be found in the commonly assigned U.S.Pat. App. No. 61/164,803 (entitled STORING A VARIABLE NUMBER OFINSTANCES OF DATA OBJECTS). The deduplication module 299 anddeduplication database 297 are described in greater detail herein.

As shown in FIG. 2, clients 130 and secondary storage computing devices165 may each have associated metabases or indices (270 and 261,respectively). However, in some embodiments, each “tier” of storage,such as primary storage, secondary storage, tertiary storage, etc., mayhave multiple metabases/indices or a centralized metabase/index, asdescribed herein. For example, rather than a separate metabase or indexassociated with each client in FIG. 2, the metabases/indices on thisstorage tier may be centralized. Similarly, second and other tiers ofstorage may have either centralized or distributed metabases/indices.Moreover, mixed architecture systems may be used if desired, that mayinclude a first tier centralized metabase/index system coupled to asecond tier storage system having distributed metabases/indices and viceversa, etc.

Moreover, in operation, a storage manager 105 or other management modulemay keep track of certain information that allows the storage manager toselect, designate, or otherwise identify metabases/indices to besearched in response to certain queries as further described herein.Movement of data between primary and secondary storage may also involvemovement of associated metadata and index data and other trackinginformation as further described herein.

In some embodiments, management index 211 and/or SS index 261 mayprovide content indexing of data generated during backup, migration,restoration, and other storage operations. In this way, management index211 and/or SS index 261 may associate secondary storage files withvarious attributes, characteristics, identifiers, or other tags or dataclassifications associated with the file content. In such embodiments, auser of storage operation cell 150 may search for content within thestorage operation cell via the interface agent 225. Methods ofperforming content indexing and searching, including collaborativesearching, within a storage operation cell 150 are described in thecommonly assigned U.S. Patent Publication Nos. 2008-0091655 (entitledMETHOD AND SYSTEM FOR OFFLINE INDEXING OF CONTENT AND CLASSIFYING STOREDDATA) and 2008-0222108 (entitled METHOD AND SYSTEM FOR COLLABORATIVESEARCHING).

In some embodiments, storage manager 105 may also include or be operablycoupled to a management light index 245 that may store index data,metadata, or other information generated during backup, migration,restoration, or other storage operations. The management light index 245provides storage manager 105 and other components with an alternatemechanism for locating data stored or backed up, so that they may morerapidly respond to client 130 or other requests received via HTTP orsimilar protocols that are susceptible to time-outs.

Management light index 245 may store some subset of the informationcontained in management index 211, SS index 261, client metabase 270and/or other information. For example, the management light index 245comprises the following information about each data file in the storageoperation cell 150: a file name or other descriptor, a descriptor forthe client 130 or sub-client associated with the file (typically theclient 130 that created the file), the size of the file, the storagelocation of the file (including the storage device, associated secondarystorage computing devices 165 and/or other index data), file type (e.g.,file extension or descriptor to associate an application with the file),etc. In some embodiments, the management light index 245 may compriseadditional information, such as limited content information. Within themanagement light index 245, each data file may also be associated with atoken that uniquely identifies the data file. In some embodiments,however, the token may not be unique for all data files in themanagement light index 245; instead, the combination of the token withanother data field (e.g., the associated client 130) may be unique.

During the operation of the storage operation cell 150, management lightindex 245 may be populated or changed. For example, whenever a secondarystorage operation is performed (due to a client 130 request, a scheduledjob, the application of a storage policy, or otherwise), the managementlight index 245 may be updated by the storage manager 105, secondarystorage computing device 165, or other system component responsible forperforming some or all of the storage operation. For example, if aclient 130 (or its data agent 195) requests the creation of a backup,archival, or other secondary copy, the secondary storage computingdevice 165 (e.g. cloud-based storage site) creating that secondary copymay create one or more new entries in the management light index 245reflecting the name, location, size, and client 130 associated with thenewly created secondary copy. As another example, if due to an ILMstorage policy, a file is migrated from a first storage device 115 to asecond storage device 115, a secondary storage computing device 165 mayupdate the management light index 245 to reflect the new location of thefile.

In one example, the management light index 245 may only be populatedwith information regarding data files that originated from clients 130that connect to the storage operation cell 150 via certain networkprotocols. For example, the management light index 245 may only bepopulated with information regarding data files that originated fromclients 130 that connect to the storage operation cell 150 via the HTTPprotocol.

The secondary storage computing device 165 may include or be operablycoupled to a secondary storage light index 247 (“SS light index”).Typically SS light index 247 comprises a subset of the informationincluded in management light index 245. For example, SS light index 247includes a subset of information pertaining to secondary storage datafiles stored in storage devices 115 associated with the secondarystorage computing device 165. During the operation of the storageoperation cell 150, SS light index 247 may be populated or changed inthe same or similar manner as management light index 245.

The management light index 245 and SS light index 247 may be implementedin a non-relational database format, such as C-Tree from Faircom, Inc.,SimpleDB from Amazon, Inc., or CouchDB from the Apache SoftwareFoundation. In this way, the storage manager 105 may provide a fasterresponse to client 130 or other requests than if it were to querymanagement index 211, metabase 270 and/or SS index 261, and thus preventtime-outs when communicating via certain network protocols such as HTTP.Components of the storage operation cell 150 system, such as storagemanager 150, may be configured to facilitate data storage provisioningand/or cost charge backs. In some implementations, the system mayevaluate the state of stored data relative to enterprise needs by usingweighted parameters that may be user defined, e.g., in order tofacilitate the generation of or enforcement of a provisioning policy. Insome implementations, the system may calculate data costing informationand other information including information associated with the cost ofstoring data and data availability associated with storage operationcells, e.g., in order to facilitate charge backs. The system mayidentify network elements, associated characteristics or metrics withthe network elements, receive additional data, such as SRM or HSM data,from storage operation cells, and correlate the additional data with thenetwork elements to calculate a cost of data storage or an availabilityof data. In some implementations, data may be identified according touser, department, project, or other identifier. In otherimplementations, data availability or data cost is compared to a servicelevel agreement (SLA). In some implementations, a prediction of mediausage is generated according to data use, availability, or cost. Furtherdetails regarding provisioning and charge backs may be found in thecommonly assigned U.S. application Ser. No. 12/015,470, filed Jan. 16,2008, entitled “SYSTEMS AND METHODS FOR STORAGE MODELING & COSTING,”which is hereby incorporated herein in its entirety.

In some implementations, storage manager 150 may comprise a managementmodule configured to predict and plan future storage needs. Themanagement module may receive information related to storage activitiesassociated with one or more storage operation components within thestorage operation cell under the direction of the storage managercomponent. The management module is adapted to predict storage operationresource allocations based on the received information related to thestorage activities. Further details relating to the prediction ofstorage operation resource allocations may be found in the commonlyassigned U.S. application Ser. No. 11/639,830, filed Dec. 15, 2006,entitled “System and Method for Allocation of Organizational Resources”,and U.S. application Ser. No. 11/825,283, filed Jul. 5, 2007, entitled“System and Method for Allocation of Organizational Resources”, whichare hereby incorporated herein in their entirety.

In some implementations, components of the storage operation cell 150,may be configured to copy data of one or more virtual machines beinghosted by one or more non-virtual machines (e.g., hosted by a cloudstorage site 115A-N). Further details relating to copying data ofvirtual machines may be found in the commonly assigned U.S. applicationSer. No. 12/553,294, filed Sep. 3, 2009, entitled “SYSTEMS AND METHODSFOR MANAGEMENT OF VIRTUALIZATION DATA,” which is hereby incorporatedherein in its entirety.

Network Agents

Network agent 235 may comprise one or more sub-processes or networksubagents, which are typically implemented as a software module or partof a software module. Each network subagent may be responsible formanaging communications between the network agent 235 and a remotedevice conducted via a particular network protocol, such as HTTP. Remotedevices might include any component of the storage operation cell 150,such as clients 130, secondary storage computing devices 165, storagedevices 115, storage managers 105 or other networked devices. Eachnetwork subagent may do some or all of the following: accept or initiateconnections to remote devices; authenticate remote devices and/orspecific users on remote devices; receive requests from remote devices;provide responses to remote devices; log requests and responses; detector respond to network time-outs; compress or encrypt data; serve data orcontent to remote devices; redirect remote devices to other systemcomponents; call other applications, scripts, or system resources; andimplement bandwidth throttling. Each network subagent may includeinstructions for interpreting routines, data structures, object classes,and/or protocols defined in a particular API or similar interface.

Typically, each subagent manages communications made via a particularnetwork protocol. For example, each subagent manages communicationsutilizing a particular layer protocol, such as a transport layerprotocol like Transport Control Protocol (“TCP”) from the TCP/IP(Internet Protocol). However, a subagent may additionally oralternatively manage one or more protocols from a layer other than thetransport layer (e.g., application layer), more than one transfer layerprotocol.

Typical network subagents, include an HTTP subagent, an FTP subagent,and a proprietary protocol subagent. An HTTP subagent may manageconnections that utilize HTTP and/or HTTP over TLS/SSL (“HTTPS”). An FTPsubagent may manage connections to the network agent 235 that utilizethe FTP and/or secure FTP. A proprietary protocol subagent may manageconnections that utilize a particular proprietary application-layerprotocol. In some embodiments, the proprietary protocol subagent may beconfigured to facilitate a virtual private network connection runningover an HTTPS protocol, or another type of open/secure pipe wrapped inan HTTPS protocol. Non-exclusive examples of other possible networksubagents (not shown) include network subagents to implement the commoninternet file system (CIFS) protocol and the network file system (NFS)protocol.

Network Client Agents

Network client agents 255 are similar to the network agents 235.Typically, each network client subagent manages communications utilizinga network protocol, and is substantially similar to the networksubagents described above. Thus, typical network client subagentsinclude an HTTP client subagent, an FTP client subagent, a proprietaryprotocol client subagent, and a telecommunications protocol clientsubagent. An HTTP client subagent may be a web browser applicationconfigured to connect both to network client agents 255 as well as otherresources such as general Internet or web servers. A telecommunicationsprotocol client subagent may manage remote connections that utilize datatransfer protocols supported by certain types of telecommunicationsnetworks, e.g., Global System for Mobile (GSM), code/time divisionmultiple access (CDMA/TDMA), and/or 3rd Generation (3G)telecommunications networks. For example, telecommunications protocolclient subagent may permit a user to initiate an HTTP connection byusing an API associated with a mobile operating system such as WindowsMobile, BlackBerry OS, iPhone OS, Palm OS, Symbian, and Android.

Media File System Agent

Media file system agent 240 may comprise one or more media submodules.Each media submodule may permit the media file system agent 240 toperform basic file system commands (e.g., open, read, write, close, anddelete) on a certain type of storage device 115, and/or to otherwisedirect a certain type of storage device 115 to perform file system orstorage operations. For example, the media file system agent 240 maycomprise tape, optical and/or magnetic submodules to open, read, write,close, and delete data files on storage devices utilizing tape, opticaland magnetic media, respectively. Media file system agent 240 may alsocomprise one or more cloud storage submodules 236 that permit the mediafile system agent 240 to open, read, write, close, and delete data filesstored on cloud storage sites and/or otherwise direct cloud storagesites to perform data storage operations.

Cloud Storage Submodules: Vendor-Agnostic File System Calls, Bufferingof Storage Requests, and Logging Cloud Storage Performance

Each cloud storage vendor associated with a particular cloud storagesite 115A-N utilized by the system may provide an API that hasvendor-specific implementation of basic file system calls. For example,each vendor API may prescribe a different functional call foropening/creating a new data file on the vendor's cloud storage site.Typically a cloud storage vendor API will utilize REST-based protocols.The system described herein may used a cloud storage submodule to mapeach generic file system command (e.g., an open command) to the variousimplementations of the command as defined in each of the APIs providedby the various cloud storage vendors. Using the mapping, a cloud storagesubmodule may convert a generic file system command received by themedia file system agent 240 into the appropriate vendor-specific callfor a target cloud storage site 115A-N. In this way, the cloud storagesubmodule permits the system to ignore implementation details of thevarious cloud storage sites 115A-N used by the system and simply treateach site in a manner analogous to local data storage media, such aslocal optical or tape media. In this manner, a cloud storage submodulemay obviate the need for complex scripting or the addition of disparatecloud gateway appliances to write data to multiple cloud storage sitetargets. In this way, a cloud storage submodule 236 also presentsclients 130 and other system components with a unified name space, evenif the system is storing data on multiple cloud storage sites 115.

For example, the cloud storage submodule 236 includes an interface totranslate the REST-based protocols of the Amazon S3 APIs, the WindowsAzure APIs and the Rackspace APIs into generic commands for use with afile system such as Windows, Solaris, Unix or Linux. Thus, the cloudstorage submodule converts the format and parameters of relevant storagevendor APIs, such as “open file” and “write file”, into a normalized orgeneric format for use with file systems. (The cloud storage submodulemay likewise convert, if needed, the generic format into a format forspecific file systems such as Windows, Linux, etc.) As shown in FIG. 2,the cloud storage submodule 236 may reside on media file system agent140 located on the secondary storage computing device 165 to initiatefile system and storage operations on cloud storage sites (includingdata transfers to and from a site). To initiate file system and storageoperations, the cloud storage submodule 236 may invoke the network agent235, via an HTTP subagent, an FTP subagent, or another type of networksubagent, to open a suitable network connection to a target cloudstorage site so that the cloud storage submodule may make various filesystem requests upon the target cloud storage site for storageoperations via this network connection.

Some cloud storage site APIs may provide advanced functionality tomanipulate files stored on a cloud storage site that extend beyond basicfile system calls such as open, read, write. For example, cloud storagesite APIs may provide commands for the encryption, compression and/orother advanced file operations. Cloud storage submodules may map genericadvanced file operations (e.g., a generic encryption command) to thevarious implementations of the command as defined in each of the APIsprovided by the various cloud storage vendors. As one example, a cloudstorage site API may provide a command to encrypt a file located on thecloud storage site using an encryption method that does not result inthe cloud storage site receiving a key (or does not result in the cloudstorage site receiving or retaining other information sufficient todecrypt an encrypted file). For example, a cloud storage site API maypermit storing encrypted data belonging to a client on a cloud storagesite, together with an encrypted version of the encryption key that wasused to encrypt the encrypted data. A password would be required fromthe client in order to decrypt the encrypted version of the encryptionkey stored on the storage system belonging to the application serviceprovider. This is advantageous for the client, because it would preventthe application service provider from decrypting the data belonging tothe customer, without the customer's permission.

Additionally, using the mapping, a cloud storage submodule 236 maypermit other system components to direct one cloud storage site 115 totransfer some or all files to another cloud storage site 115, withoutfirst transferring the files back to the storage cell 150. In this way,the system may efficiently and effectively “fire” underperforming orexpensive cloud storage sites 115 or otherwise adjust how it usesmultiple cloud storage sites 115A-N. For example, if the systemdetermines that a cloud storage site is underperforming, it may transferfiles from the underperforming site to a different site that is meetingperformance metrics specified in a storage policy.

When a cloud storage submodule 236 initiates file system and storageoperations on a cloud storage site, it may determine or test and record(or report, e.g., to a storage manager 105) the performance achieved bythe cloud storage site, such as the throughput of the site, the numberof failures that occurred, the number of timeouts, speed of restores,speed of responses to queries, or other metrics. By determining theactual performance of cloud storage sites 115A-N, the storage operationcell 150 may adjust its classifications of various cloud storage sites115 (e.g., as first-class storage, as second-class storage, etc.)dynamically or periodically. Additionally, on a periodic basis, thesystem may determine which cloud storage sites are underperforming sothat it may transfer files from the underperforming site to a differentsite that is meeting performance metrics specified in a storage policyor take other suitable action (e.g., requesting a reduced storageprice).

A cloud storage submodule 236 may also store and/or manage credentialsor other authorization and connection information (e.g., siteconfiguration settings, login information, certificates, etc.) thatpermit the cloud storage submodule to perform storage operations on acloud storage site 115. To add a new cloud storage site 115 to thestorage operation cell 150, the system may populate each cloud storagesubmodule with the appropriate configuration settings or credentials forthe new site.

The cloud storage submodule 236, during a period of its operation, mayreceive a series of similar requests for the submodule to transfer datato a target cloud storage site (e.g., cloud storage site 115A); eachindividual request in the series may only involve a small amount of data(e.g., a few data blocks or a small data object such as an email). Forexample, since the system may utilize cloud storage submodule totransfer data to cloud storage sites 115A-N during containerizeddeduplication, it may receive a series of similar file requests (e.g.,to write several small email data objects to the same target containerfile on the same target cloud storage site). To facilitate moreefficient data transmission, which may occur over a lossy and/or latentWAN (such as the Internet), the cloud storage submodule may utilize twoor more local buffers (e.g., buffers stored in local memory, such aslocal RAM) to manage the series of transfer requests. The buffers neednot be large, and could be set in one embodiment to 128 k each, althoughlarger buffers may of course be used, and the size of the variousbuffers used by the cloud storage submodule may be configurable by theuser.

As an example, the cloud storage submodule 236 may maintain a firstbuffer that reflects the data transmitted in the last storage requestfrom the cloud storage submodule to the target cloud storage site 115A.By maintaining the first buffer, the cloud storage submodule can easilyand more quickly restart data transmission if the last request fails(e.g., due to packet loss/latency). In this example, the cloud storagesubmodule may maintain a second buffer that aggregates the dataassociated with various storage requests received by the cloud storagesubmodule from other system components (e.g., the deduplication module299) since the cloud storage submodule began transmitting the laststorage request to the target cloud storage site 115A. In this example,the contents of the second buffer may be sent as a second request to thecloud storage site 115A once the cloud storage submodule successfullytransmits the last request and/or receives confirmation that the cloudstorage site 115A successfully received the last request.

In this example, the size of the buffers may be adjusted to reflectrelative network latency and network bandwidth. For example, a largerbuffer size may be chosen if the network latency is high, so that moredata may be added to the second buffer while the cloud storage submoduletransmits the last request and/or awaits a response from the targetcloud storage site 115-A regarding the last storage request. As anotherexample, a smaller buffer size may be chosen if the network bandwidth islow, since the maximum transmission size imposed by TCP/IP protocols maybe lower. Buffering a series of requests in this manner may improvetransmission efficiency, since it may result in the transmission of lessnon-data (e.g., less transmission of padding zeros added to thetransmission as a result of TCP/IP protocols).

FIG. 3A is a flow diagram illustrating a method 300 for writing data tocloud storage sites. A cloud storage submodule 236 or another systemcomponent may perform method 300 to provide other system components withvendor-agnostic file system calls and/or efficient data transmission tocloud storage sites 115A-N. At step 340, cloud storage submodule 236receives a file system request to write data to a target cloud storagesite 115A-N. For example, cloud storage submodule 236 may receive arequest to write N blocks to a first container file located on a firstcloud storage site. At step 350, cloud storage submodule 236 adds thereceived data (e.g., N blocks of data) to a buffer.

Although not shown, prior to step 350, cloud storage submodule 236 mayfirst determine if the received request has sufficiently similarcharacteristics to other prior requests that are reflected in thebuffer. For example, cloud storage submodule 236 may determine if theinstant file system request has the same target file on the same targetcloud storage site 115A-115N as other file system requests whose data isalready stored in the buffer. If the request is not sufficientlysimilar, cloud storage submodule 236 may proceed to step 370 instead.Cloud storage submodule 236 may also allocate a new buffer and initiatea new parallel process 300 to handle the latest request using the newbuffer. Additionally, although not shown, prior to step 350, cloudstorage submodule 236 may determine if the file system request relatesto a set of data exceeding the buffer size (or another threshold size).If the related set of data is larger than the threshold size, the cloudstorage submodule 236 may simply convert the received file systemrequest to one or more vendor-specific API calls and transmit the set ofdata separately from the other buffered requests before proceeding tostep 340. For example, a received 2 MB file may bypass the buffering andsimply proceed on in the process.

At decision step 360, cloud storage submodule 236 determines if thebuffer is full. If it is not full, steps 340-360 are repeated. Forexample, cloud storage submodule 236 may receive a request to store Madditional blocks to the same file and add these M blocks of data to thebuffer. If the buffer is full at decision step 360, cloud storagesubmodule 236 proceeds to step 370. At step 370, cloud storage submoduleconverts the received file system requests to one or morevendor-specific API calls. For example, using the mapping describedherein, cloud storage submodule may identify the calls from the targetcloud storage site API that cause the target cloud storage site to (1)open a target file on the target cloud storage site for writing, and (2)write the received and buffered data to the target file. At step 380,cloud storage submodule transmits the buffer using the vendor-specificAPI calls. To transmit the buffer, cloud storage submodule may utilize anetwork agent 235 to establish an HTTP, HTTPS, and/or other suitablenetwork connection to the target cloud storage site. At step 390,generally after waiting a sufficient time for a response from the targetcloud storage site, cloud storage submodule determines if thetransmission was successful. If it was successful, process 300 returns.Otherwise, steps 380 and 390 are repeated and the data isre-transmitted.

Although not shown in FIG. 3A, while cloud storage submodule 236 isperforming steps 380-390, it may also allocate a new buffer to managenew file system requests and may initiate a parallel process 300 tomanage these new file system requests using the new buffer.

Cloud storage submodule 236 may be configured to permit a directinterface to cloud storage sites 115A-N by presenting cloud storagesites to a user or system in the same manner as a local storage volume.For example, a cloud storage submodule 236 operating on a computingdevice may permit the operating system of that computing device to“mount” a cloud storage site as a storage volume or otherwise provide aninterface to have the cloud storage site display to the operating systemof the computer as a locally attached drive (similar to network attachedstorage (NAS)). Cloud storage submodule 236 may further permit theoperating system to make various file system requests upon the mountedcloud storage site in a manner analogous to local disk storage. In suchimplementations, cloud storage submodule 236 may be installed on clients130 to facilitate easier utilization of remote cloud storage sites.

Migrating or Copying Data to Secondary Storage, Including SecondaryCloud Storage

FIG. 3B shows a flow diagram illustrating a suitable routine 300 formigrating or copying data into an archive format in secondary storage,including secondary cloud storage. In step 310, the system receives acopy of an original data set from a file system. Alternatively, thesystem may access the copy or otherwise communicate with data storagecomponents in a data storage system to gain access to the data to becopied.

At step 310 (or at any other suitable point in routine 300), the systemmay check the original data set against any audit policies applicable tothe data set to determine if the data set comprises one or moresensitive objects and whether the migration or copying of sensitiveobjects to secondary storage requires approval by a reviewer or otheraction. If approval or other action is required, the system may takeappropriate steps in accordance with the applicable audit policy, suchas notifying a reviewer of the sensitive object and pausing the routine300 until the system receives an indication that the reviewer approvesof the migration/copying. As another example, the system may continue toperform routine 300, but only for the non-sensitive data objects in thedata set. If the system receives an indication that the reviewer doesnot approve of the migration/copying of a sensitive object, the systemmay take other steps in accordance with the applicable audit policy. Forexample, the system may break the set into two or more data subsets (onecontaining no sensitive objects) and store the data subsets that havesensitive objects in an archive format at a suitable alternativesecondary storage location (e.g., a local storage device 115).

In step 320, the system may index the data in the copy. For example, thesystem may index the content of the data as described herein. In step330, the system may perform deduplication upon the data, by removingduplicate instances of files, data objects, blocks, sub-objects, andother information, and storing deduplicated data (or “dehydrated data”)in secondary cloud storage, typically in an archive file format.Although not shown explicitly, in some embodiments, the indexing of thedata at block 320 may occur after deduplication of the data at block330, in order to reduce the volume of data that the system must index.Indexing, deduplication, and storing deduplicated data for cloud storageare described in greater detail herein, beginning with deduplication andfollowed by indexing.

Although not shown, the system may encrypt the data before or after asecondary copy or archival copy is created. For example, the system mayemploy many different techniques for encrypting the archive copy,including encryption techniques that satisfy Federal InformationProcessing Standards (FIPS). Further details about encryption andencrypting archive copies of data may be found in commonly assigned U.S.Patent Publication No. US2008-0320319A1, filed on Mar. 31, 2008,entitled SYSTEM AND METHOD FOR ENCRYPTING SECONDARY COPIES OF DATA.Additionally, although not shown, the system may compress the databefore or after a secondary copy or archival copy is shown. For example,the system may employ many different well-known techniques orapplications for compressing data, including Lempel-Ziv (LZ) techniques,DEFLATE techniques, and LZ-Renau (LZR) techniques.

In some implementations, the techniques described herein may be utilizedto make secondary disk copies to disaster recovery (DR) locations usingauxiliary copy or replication technologies as noted above.

In some examples, the techniques described herein may be used on copiesof data created by replication operations such as CDR (Continuous DataReplication) and DDR (Discrete Data Replication). For example, for dataprotected by a replication operation, multiple Consistent RecoveryPoints (CRPs) are established, and the replicated data can analyzed atsuch CRPs. To create a CRP, the system suspends writes to the data, andmakes a copy of the data. The system then transfers that copy to anotherlocation, such as to one of the cloud storage sites. Further details onCDR may be found in the assignee's U.S. Pat. No. 7,651,593, entitled“SYSTEMS AND METHODS FOR PERFORMING DATA REPLICATION”.

Deduplication

Referring to FIG. 4, the deduplication module 299 includes variouscomponents that perform various functions associated with deduplication,some of which are described below. More details may be found in theassignee's U.S. Pat. Pub. No. 2008-0243958, entitled SYSTEM AND METHODFOR STORING REDUNDANT INFORMATION, the entirety of which is incorporatedby reference herein. These components include a data objectidentification component 410, an identifier generation component 420, anidentifier comparison component 425, and a criteria evaluation component430. The data object identification component 410 identifies files, dataobjects, sub-objects, or blocks, such as in response to a storageoperation. The identifier generation component 420 generates anidentifier for the file, data object, sub-object, or block (identifiersare discussed in more detail below) The identifier comparison component425 performs comparisons of identifiers of various files, data objects,sub-objects, or blocks to determine if the files, data objects,sub-objects, or blocks contain similar data (for example, the identifiercomparison component 425 can compare identifiers of two or more files,data objects, sub-objects, or blocks to determine if the files or dataobjects contain the same data, metadata such as access control lists(ACLs), descriptive metadata that describes the files, data objects,sub-objects, or blocks (e.g., file name, file size, file author, etc.)of the two or more files, data objects, sub-objects, or blocks). Thecriteria evaluation component 430 evaluates aspects of files, dataobjects, sub-objects, or blocks against a set of criteria. Thededuplication module 299 may also contain other components that performother functions.

Examples of identifiers include a hash value, message digest, checksum,digital fingerprint, digital signature, or other sequence of bytes thatsubstantially uniquely identifies the file or data object in the datastorage system. For example, identifiers could be generated usingMessage Digest Algorithm 5 (MD5) or Secure Hash Algorithm SHA 512. Insome instances, the phrase “substantially unique” is used to modify theterm “identifier” because algorithms used to produce hash values mayresult in collisions, where two different data objects, when hashed,result in the same hash value. However, depending upon the algorithm orcryptographic hash function used, collisions should be suitably rare andthus the identifier generated for a file or data object should be uniquethroughout the system. The term “probabilistically unique identifier”may also be used. In this case, the phrase “probabilistically unique” isused to indicate that collisions should be low-probability occurrences,and, therefore, the identifier should be unique throughout the system.In some examples, data object metadata (e.g., file name, file size) isalso used to generate the identifier for the data object.

The hash values may also be used to verify data transferred to a cloudstorage site. For example, a file may first be locally hashed at aclient to create a first hash value. The file may then be transferred tothe cloud storage site. The cloud storage site in turn similarly createsa hash value and sends this second hash value back. The client may thencompare the two hash values to verify that the cloud storage siteproperly received the file for storage. As explained herein, varioussystem components, from the client, to storage cell components, to cloudgateways, to cloud storage sites themselves may perform such hashing andgeneration of hash values for verification.

Object-Level Deduplication

The deduplication module 299 may conduct object-level deduplication asfollows before transferring data to cloud storage sites 115. (Furtherdetails may be found in the assignee's U.S. Pat. Pub. No. 2009-0319585,entitled APPLICATION-AWARE AND REMOTE SINGLE INSTANCE DATA MANAGEMENT).First, the deduplication module 299 generates an identifier for a dataobject. After generating the identifier for a data object, thededuplication module 299 determines whether it should be stored to thecloud storage site 115 as a secondary copy (e.g., a backup copy) of thedata of the clients 130. To determine this, the deduplication module 299accesses the deduplication database 297 to check if a copy or sufficientnumber of copies or instances of the data object have already beenappropriately stored on a cloud storage site 115. The deduplicationdatabase 297 utilizes one or more tables or other data structures tostore the identifiers of the data objects that have already been storedon a cloud storage site 115. In one implementation, the system may storemultiple copies of a data object, but only one copy of the data objectwith each of multiple, different cloud storage sites, and the datastructure described herein facilitates that process.

If an insufficient number of copies or instances of the data object havealready been appropriately stored on a cloud storage site 115, thededuplication module 299 sends the data object to one of the cloudstorage site 115 for storage and adds its identifier to thededuplication database 297 (or if an instance already existed, thededuplication module 299 may add a reference, e.g., to an index in thededuplication database 297, such as by incrementing a reference count inthe index). The deduplication module may also store in the deduplicationmodule 297 a URL, link, path or identifier of the location or identityof the particular cloud storage site if multiple sites are being used.

If a sufficient number of instances have been appropriately stored, thededuplication module 299 can avoid sending another copy to the cloudstorage site 115. In this case, the deduplication module 299 may add areference (e.g., to an index in the deduplication database 297, such asby incrementing a reference count in the index) to the already storedinstance of the data object, and may only store a pointer to the dataobject on the cloud storage site 115. The link or pointer may comprise aURL to a data object or file within a cloud storage site 115A-N. Asexplained below, adding a reference to the already stored instance ofthe data object enables the storage of only a single instance of thedata object (or fewer instances of the data object) while still keepingtrack of other instances of the data object that do not need to bestored.

In some examples, instead of the clients 130 sending the data objects tothe deduplication module 299 and the deduplication module 299 generatingthe identifiers, the clients 130 can themselves generate an identifierfor each data object and transmit the identifiers to the deduplicationmodule 299 for lookup in the deduplication database 297. This examplemay be useful if the clients were to send data directly to the cloudstorage site 115, and thus deduplicating data before sending it canconserve time and bandwidth, and storage resources at the cloud storagesite (which may charge based on amount of data stored.) If thededuplication module 299 determines that a sufficient number ofinstances of a data object have not already been appropriately stored ona cloud storage site 115, the deduplication module 299 can instruct theclient 130 to send it a copy of the data object, which it then stores onthe cloud storage site. In this example, the deduplication module mayreside on a server to which the client is connected (e.g. over a LAN orsecure WAN). Alternatively, the client 130 itself can send the copy ofthe data object to the cloud storage site 115, in which case the clientmay have the deduplication module 299 residing on the client. In someexamples, the deduplication module 299 generates the identifier on dataalready stored on the cloud storage site 115 or on other cloud storagesites (e.g., secondarily stored data is deduplicated).

The deduplication module 299 can support encrypted data objects. Forexample, one client 130 could generate an identifier for a data object,and then encrypt it using one encryption algorithm. Another client 130could generate an identifier for another data object, and then encryptit using another encryption algorithm. If the two data objects areidentical (meaning the two objects have the same data, while theirmetadata, such as ACLs or descriptors, could be different), they willboth have the same identifier. The deduplication module 299 can thenstore both encrypted instances of the data object or only a singleencrypted instance (or a reduced number of encrypted instances). In someexamples, the deduplication module 299 stores a key or other mechanismto be used to encrypt and/or decrypt data. The deduplication module 299can also support compressed data objects. In general, the samecompression algorithm may be used to compress data objects. Therefore,the deduplication module 299 can generate an identifier for a dataobject before or after it has been compressed.

Data Structures for Object-Level Deduplication

Some details will now be provided of suitable object, sub-object leveland block level deduplication that the system may employ. Furtherdetails may be found in the assignee's U.S. patent application Ser. No.12/565,576, filed Sep. 23, 2009, entitled “Systems and Methods forManaging Single Instancing Data” and the assignee's U.S. patentapplication Ser. No. 12/553,199, filed Sep. 3, 2009, entitled“TRANSFERRING OR MIGRATING PORTIONS OF DATA OBJECTS, SUCH AS BLOCK-LEVELDATA MIGRATION OR CHUNK-BASED DATA MIGRATION”. FIGS. 5A and 5B are blockdiagrams illustrating various data structures which aspects of theinvention may utilize for deduplicating and storing copies or instancesof data objects on the cloud storage site 115. FIG. 5A illustrates adata structure 500 used in a storage operation. For the storageoperation, a chunk folder 502 is created on the cloud storage site 115.Contained within the chunk folder are three files: 1) a metadata file504; 2) an “N” file 506; and 3) a single instance, or “S” file 508. Thethree files are each logical containers of data. The “S” file storesdeduplicated data (e.g., deduplicated files). The “N” file stores' datathat is not deduplicated (e.g., metadata, such as descriptive metadataassociated with deduplicated files). The metadata file stores referencesto the location(s) of data objects in the “S” file and the “N” file.Note that although three container files are shown (S, N, and index), insome embodiments a chunk folder may comprise more than one “S” file(e.g., S1, S2 . . . Sy, where y is an integer) to store deduplicateddata and/or more than one “N” file (e.g., N1, N2 . . . Nz, where z is aninteger). While described as being stored on the cloud storage site 115,the “N” and metadata files may alternatively or additionally be storedelsewhere, such as on the secondary storage computer device 165 and/orstorage manager 105.

The chunk folder 502 and the files 504-508 may be equivalent to adirectory and files (or folder and files) on a file system. For example,the chunk folder 502 may be a directory and the files 504-508 may befiles located within the directory. As another example, the chunk folder502 may be a file and the files 504-508 may be portions of the file. Asanother example, the files 504-508 may be collections of blocks or bytesgrouped together. Those of skill in the art will understand that thechunk folder 502 and the files 504-508 may be comprised in various datastructures and are not limited to a directory and files within thedirectory.

The deduplication module 299 places data objects in the “S” file 508that meet certain criteria for deduplication. These criteria may includethe following: 1) that the data object has been determined to be data orof type data (as opposed to metadata or of type metadata); and 2) thatthe data object is larger than a pre-configured size, such as 64 Kb.Type data is generally the payload portion of a file or data object(e.g., a file's contents) and type metadata is generally the metadataportion of the file or data object (e.g., metadata such as file name,file author, etc.). This pre-configured size may be configurable by anadministrator or other user with the appropriate permissions. Forexample, if the administrator wants all data objects of type data to bededuplicated, the administrator can set the pre-configured size to 0 Kb.As another example, if the administrator wants only data objects of typedata greater than 128 Kb to be deduplicated, the administrator can setthe pre-configured size to 128 Kb.

The deduplication module 299 determines if a data object meets thesecriteria by evaluating aspects of the data object (e.g., its type, itssize) against the criteria. If so, the deduplication module determinesif a sufficient number of instances of the data object have already beenappropriately stored on the cloud storage site 115 (or elsewhere), whichthe deduplication module determines by generating or retrieving anidentifier for the data object and looking up the identifier in thededuplication database 297. During this lookup, to determine whetherother instances were appropriately stored, the deduplication database297 may restrict the lookup to only those instances of the object storedon certain cloud storage sites 115 and/or certain classes of cloudstorage sites 115. For example, the deduplication database 297 mayrestrict the lookup to those cloud storage sites 115 that would satisfyapplicable storage policy parameters, such as class of storage used forthe object. Additionally, during this lookup, the deduplication database297 may restrict the lookup to only those instances of the object storedwithin a certain time frame. For example, the deduplication database 297may restrict lookup only to those instances stored within secondarystorage in the last seven years.

If a sufficient number of instances of the data object have already beenappropriately stored on a cloud storage site 115, the deduplicationmodule 299 places the data object in the “S” file 508. The deduplicationmodule 299 may also apply other criteria that the data object must meetfor deduplication (e.g., criteria based upon characterizing orclassifying the data object using techniques such as those described incommonly assigned U.S. Pat. Pub. No. 2007-0185925 (entitled SYSTEMS ANDMETHODS FOR CLASSIFYING AND TRANSFERRING INFORMATION IN A STORAGENETWORK), the entirety of which is incorporated by reference herein).

For each data object that is placed in the “S” file 508, thededuplication module 299 adds a reference to the data object in themetadata file 504, called an internal reference. For example, theinternal reference may be a pointer or link to the location of the dataobject in the “S” file 508. As further described herein, thededuplication module 299 maintains a primary table that contains all thededuplication records of all data objects for which an identifier wascreated. The deduplication module 299 may add as the internal referencea record of the already stored instance of the data object from theprimary table.

The deduplication module 299 places data objects in the “N” file 506that do not meet the above criteria for deduplication. For example, adata object may be metadata (e.g., ACLs for a file that is placed in the“S” file, file descriptor information, etc.). In this case, the dataobject will be placed in the “N” file. As another example, a data objectmay be smaller than the pre-configured size, e.g., the data object issmaller than 64 Kb. In this case, the deduplication module 299 may incurtoo much overhead to generate its identifier and perform a lookup of theidentifier in the deduplication database 297. Therefore, the data objectis placed in the “N” file. As another example, a prior instance of anobject may have been stored on tape and reflected in the deduplicationdatabase 297, but the storage policy applicable to the current dataobject requires disk storage. Therefore, the data object is placed inthe “N” file 506. For each data object that is placed in the “N” file506, the deduplication module 299 may also add a reference to the dataobject in the metadata file 504, called an internal reference. Forexample, the internal reference may be a pointer or link to thelocation(s) of the data object in the “N” file. A new “N” file may becreated during each storage operation job.

FIG. 5B illustrates a data structure 510 that may be created as a resultof one or more storage operations. The data structure 510 is similar tothe data structure 500 illustrated in FIG. 5A, but now includes a secondchunk folder 502′. For example, the deduplication module 299 may createthe second chunk folder 502′ as a result of a second storage operation.Consider the situation where a single data object is subjected to twosuccessive storage operations. The first storage operation would resultin the creation of the first chunk folder 502 illustrated in FIG. 5A,with the single data object in a first “S” file 508, its metadata (e.g.,ACLs) in a first “N” file 506, and any references to the single dataobject and its metadata in a first metadata file 504.

The second storage operation would result in the creation of the secondchunk folder 502′ illustrated in FIG. 5B. As illustrated in FIG. 5B, thesecond chunk folder 502′ would have a second “N” file 506 containing themetadata (e.g., the ACLs of the single data object, regardless ofwhether they have changed) and a second metadata file 504. Instead ofhaving a second “S” file 508, the second metadata file 504 would have apointer 515 to the single data object contained in the first “S” file508. Because an instance of the single data object is already containedwithin the first “S” file 508, there is no need for another instance ofit to be contained within the second “S” file 508. However, there is aneed to keep a record of the fact that the second storage operationinvolved an instance of the single data object. This is accomplished bythe pointer 515 within the second metadata file 504.

In some cases, instead of always placing in the “N” file 508 dataobjects that do not meet the above criteria for deduplication, thededuplication module 299 generates an identifier for the data object,looks up the identifier in the deduplication database 297 to see if thedata object has already been stored, and if not, places it in the “S”file 508. If the data object has already been stored, the deduplicationmodule would then add a pointer to the location of the instance of thepreviously stored data object in the metadata file 504. For example,this variation on the process could be used to deduplicate metadatainstead of always storing it in the “N” file 506.

FIG. 5C illustrates a data structure 520 for the metadata file 504. Thedata structure 520 consists of one or more stream headers 522 and streamdata 524. The stream header 522 describes a data object contained in an“N” file 506 or an “S” file 508 (e.g., its location, its size, an offsetwithin the file, etc.). The stream data 524 contains the pointer to thedata object contained in the “N” file 506 or the “S” file 508. Forexample, the pointer may give its location within the “N” file 506 orthe “S” file 508. The location of the data object may be given byoffsets within the “N” file 506 or the “S” file 508. For example, itslocation may be given by a starting offset, and its length or size. Asanother example, its location may be given by a starting offset and anending offset. As previously mentioned, the data object may be in an “S”file 508 in another chunk folder, and the stream data 524 would point tothis “S” file in the other chunk folder (e.g., give its location in the“S” file in the other chunk folder). Each time the deduplication module299 places a data object in the “S” file 508, the deduplication module299 adds a stream header 522 and corresponding stream data 524 to themetadata file 504.

One advantage of the data structures 500, 510, 520 illustrated in FIGS.5A through 5C and the techniques described herein is that they reducethe number of files stored on the file system of the cloud storage site115. Thus, there are as little as three files created for each storageoperation—the metadata file 504, the “N” file 506, and the “S” file 508.Therefore, a maximum number of files on the file system of the cloudstorage site 115 may be as low as the number of storage operationsperformed by the deduplication module 299 multiplied by three. Filesystems of certain operating systems may have practical limits to thenumbers of files that they can store that are well below theirtheoretical limits. For example, a file system may not, in practice, beable to store a number of files above a certain threshold withoutexperiencing significant system degradation (which can be defined innumerous ways, such as an increase in seek time of randomly accessedmedia that is ten percent longer than normal, a delay in reads or writeson randomly accessed media, or in other ways).

By storing multiple data objects in a small number of container files(as few as two), the storing of each data object as a separate file onthe file systems of the cloud storage site can be avoided. This reducesthe number of files that would be stored on the file systems of thecloud storage site, thereby ensuring that the cloud storage site canadequately store the data of computing devices in the data storagenetwork. Therefore, the file system of the cloud storage site may notnecessarily have to contend with storing excessively large numbers offiles, such as millions of files or more. Accordingly, these techniquesenable very large numbers of data objects to be stored without regard tothe limitations of the file system of the cloud storage site.

Further, separate files may be established for separate customers usingthe cloud storage site. So, the could storage site 115A may establishseparate folders for each new customer who contracts to store data atthe site, and thus that customer's data is logically segregated fromdata of other customers.

Even if the deduplication module 299 performs numerous storageoperations using these data structures 500, 510, this will result in farfewer files on the cloud storage site 115 than storage operations whereeach involved data object is stored as a separate file. Anotheradvantage is that the metadata files 504 could be used to replicate thedata stored in the deduplication database 297 or reconstruct thededuplication database 297 if its data is ever lost or corrupted. Thisis because the metadata files 504 may store essentially the sameinformation as what is stored in the deduplication database 297.

However, the storage of data objects in containers such as the “N” file506 and the “S” file 508 may create additional complexities when itcomes time to prune or delete data objects involved in previous storageoperations. This is because the data objects are not stored as files onthe file system and thus cannot be directly referenced by the filesystem. For example, consider a first storage operation, involving afirst file and a second file, and a second storage operation, involvingthe first file and a third file, both occurring on the same day. Furtherconsider that the first storage operation's files are eligible to bepruned after 15 days and the second storage operation's files areeligible to be pruned after 30 days. Using the techniques describedherein, the first storage operation would store the first and secondfiles in an “S” file 508 and the second storage operation would store apointer to the first file in an “N” file 506 and the third file inanother “S” file 508.

After 15 days have elapsed, the first and second files are eligible tobe pruned. The first file is referenced by the “N” file 506 of thesecond storage operation and cannot yet be pruned. However, the secondfile, because it is not referenced by any “N” files 506 in any otherstorage operations, can be pruned. Using the metadata file 504corresponding to the “S” file 508, the deduplication module 299 locatesthe second file within the “S” file 508. The deduplication module 299can then instruct the operating system (e.g., a Windows operatingsystem, a Unix operating system, a Linux operating system, etc.) of thecloud storage site 115 to convert the “S” file 508 into a sparse file. Asparse file is a well-known type of file having data within but notfilling the file's logical space (e.g., at the beginning of the file andat the end of the file, and a hole or empty space in between). Inconverting the “S” file 508 into a sparse file, the portionscorresponding to the second file may be zeroed out. These portions arethen available for storage of other files or data objects by theoperating system on cloud storage sites (e.g., on magnetic disks, butsparse files may be used on other types of cloud storage sites, such astape or optical disks). Additionally or alternatively, the “S” file maybe designated as a sparse file upon its creation.

After 30 days have elapsed, the first and third files are eligible to bepruned. Assuming that there are no intervening storage operationsinvolving files that reference either of these files, both the first andthird files can be pruned. The chunk folders 502 corresponding to thefirst and second storage operations can be deleted, thereby deleting themetadata files 204, the “N” files 506 and the “S” files 508 andrecovering the space previously allocated for their storage. (Theprocess for pruning data objects is discussed in greater detail withreference to, e.g., FIGS. 4 and 14.) Therefore, the data structures 500,510, 520 illustrated in FIGS. 5A through 5C and the techniques describedherein also allow for pruning data objects to recover space previouslyallocated to them on the cloud storage site 115.

Accordingly, the data structures 500, 510, 520 illustrated in FIGS. 5Athrough 5C and the techniques described herein enable the performance ofstorage operations cumulatively involving very large numbers of dataobjects, while still allowing for recovery of space allocated to thesedata objects when their storage is no longer required. For example, anadministrator can back up numerous files across numerous clients andavoid storing redundant copies or instances of the files. Theadministrator can also easily recover space on the cloud storage site115 when it is no longer required to store the files, for example, asaccording to a retention policy that indicates for how long files are tobe stored on the cloud storage site 115. Accordingly, the datastructures and techniques described herein enable the optimization ofstorage operations involving very large numbers of data objects.

After having been stored on the cloud storage site 115, files containedin chunk folders may be moved to secondary storage, such as to diskdrives, cloud storage sites, or to tapes in tape drives. More details asto these operations may be found in the previously referenced U.S. Pat.Pub. No. 2008-0243958, entitled SYSTEM AND METHOD FOR STORING REDUNDANTINFORMATION. In moving chunk files to secondary storage, they may beconverted into an archive file format. In some examples, the techniquesdescribed herein may be used to deduplicate data already stored onsecondary storage.

FIG. 5D is an illustration of a data structure 540 for storing chunkfolders and their container files in an archive file format. The archivefile may be stored on various cloud storage sites, such as on diskdrives, magnetic tapes, or cloud storage sites. The archive fileincludes a chunk 0 542 located at offset 0, a chunk 1 542 located atoffset 5, a chunk 2 542 located at offset 10, a chunk 3 542 located atoffset 15, and a chunk n located at offset 65. The offsets are inrelation to the start of the archive file. More details as to a suitablearchive file format may be found in the assignee's U.S. Pat. Pub. No.2008-0229037, entitled SYSTEMS AND METHODS FOR CREATING COPIES OF DATA,SUCH AS ARCHIVE COPIES, the entirety of which is incorporated byreference herein. An archive file may be considered as a container ofdata objects.

Pruning Object-Level Deduplicated Data

Consider the example of a client for which a storage operation job wasperformed on Jan. 1, 2008, resulting in the creation of an archive file.A retention policy provides that the archive file has to be retained for30 days. On Jan. 31, 2008, the archive file becomes prunable and thuscan be deleted. Deleting the archive file may require deleting datastored in one or more chunks on one or more media. However, the archivefile may not be able to be deleted if it is referenced by data objectswithin other archive files. This is to avoid orphaning data objects,e.g., by deleting a data object when it is still referenced in anotherarchive file. The system keeps tracks of references to data objects inorder to avoid orphaning data objects.

To assist in pruning, the deduplication database 299 maintains a primarytable and a secondary table. The primary table contains all the singleinstance records of all data objects for which an identifier wascreated. For each record in the primary table, the secondary tablecontains a record that may reference the record in the primary table.

FIGS. 7A and 7B illustrate example primary and secondary tables 700,750. The primary table 700 has a primary record ID column 710 that maycontain primary keys, a file ID column 720 that contains an identifierof a file or data object (e.g., the identifier of the file or dataobject), and a location column 730 that contains the location of thefile or data object (e.g., the archive file ID and its offset within thearchive file). The primary table 700 may also contain other columns (notshown).

The secondary table 750 has a secondary record ID column 760 that maycontain primary keys, an archive file ID column 765 that contains thearchive file ID, a file column 770 that contains the same identifier ofthe file or data object as in the primary table 700, and areference_(IN) column 775 that contains an identifier (in the form of anarchive file ID and an offset) of a file or data object that referencesthe archive file. The secondary table 750 also has a reference_(OUT)column 780 that contains an identifier (in the form of an archive fileID and an offset) of a referenced file or data object. The secondarytable 750 may also contain other columns (not shown).

FIG. 6 is a flow diagram illustrating a process 600 for pruning adeduplication database 299 by pruning or deleting data objects stored inarchive files, or entire archive files. As previously noted, archivefiles can be thought of as containers of data objects. The process 600begins at step 605 where a selection of an archive file to be pruned ismade. This selection can be made manually, such as by an administrator,or automatically, such as by the archive file aging out of a retentionpolicy. At step 610, the media file system agent 240 performs a lookupof the archive file in the primary 700 and secondary tables 700, 750. Atstep 615, the media file system agent 240 determines if the archive filehas references out (e.g., to other archive files).

If the archive file has references out, the process 600 continues tostep 620, where the references out are deleted. At step 625, the mediafile system agent 240 determines if the archive files referenced by thereferences out have other references in. If there are no otherreferences in, at step 630, the media file system agent 240 prunes thearchive files referenced by the references out.

If the archive file does not have any references out (step 615), or ifit does, and if the archive files referenced by the references out haveother references in (step 625), the process 600 continues at step 635.At this step, the media file system agent 240 determines if the archivefile has references in. If it does have references in, this means thearchive file cannot be pruned. The process continues at step 640, wherethe media file system agent 240 deletes the references in. At step 645the media file system agent 240 adds a reference to the archive file toa deleted archive file table (discussed below).

If the archive file does not have any references in (step 635), themedia file system agent 240 prunes the archive file at step 650. Themedia file system agent 240 then creates an entry in the deleted archivefile table for the pruned archive file (if there wasn't already anentry) and adds a deleted timestamp to the entry. If there is already anentry for the pruned archive file, the media file system agent 240 addsa deleted timestamp to the entry at step 655.

FIG. 7C illustrates an example deleted archive file table 752. Thedeleted archive file table 752 has a primary record ID column 754 thatmay contain primary keys, an archive file ID column 756 that contains anidentifier of the archive file, a reference_(IN) column 758 thatcontains an identifier (in the form of an archive file ID and an offset)of a file or data object that references the archive file, and a deletedtimestamp column 762 that contains a timestamp indicating when thearchive file was deleted. In the case of an archive file that has notyet been deleted, the timestamp deleted column would be empty or null inthe archive file's entry.

The process 600 will now be explained using the examples of the recordsshown in the primary and secondary tables 700, 750. At time T₁, theprocess 600 begins. At step 605, the media file system agent 240receives a selection of AF₁ to prune. At step 610 the media file systemagent 240 looks up AF₁ in the primary and secondary tables 700, 750. Atstep 615, the media file system agent 240 determines that AF₁ has areference out, shown by entry 794 in the secondary table 750. (Entry 792is shown in the secondary table 750 with strikethrough to indicate thatit was previously deleted during an operation to prune AF₀.) At step620, the media file system agent 240 deletes this reference out bydeleting entry 794 from the secondary table 750. At step 625, the mediafile system agent 240 determines if AF₀ has any other references in.Since the only reference in for AF₀ is from AF₁ (which is to be pruned),AF₀ does not have any other references in. At step 630, the media filesystem agent 240 then prunes AF₀ and adds a timestamp indicating thatAF₀ was pruned at time T₁ at entry 772 of the deleted archive file table752.

At step 635, the media file system agent 240 determines if AF₁ has anyreferences in. AF₁ has a reference in from AF₃, shown in entry 796 ofthe secondary table 750. The media file system agent 240 thus cannotprune AF₁. At step 640, the media file system agent 240 deletes thereferences in to AF₁ by deleting entry 796 from the secondary table 750.At step 645, the media file system agent 240 adds entry 774 to thedeleted archive file table 752, leaving the deleted timestamp blank. Theblank timestamp indicates that AF₁ should be pruned. The process 600then concludes.

At time T₂, the process 600 begins anew. At step 605, the media filesystem agent 240 receives a selection of AF₃ to prune. At step 610, themedia file system agent 240 looks up AF₃ in the primary and secondarytables 700, 750. At step 615, the media file system agent 240 determinesthat AF₃ has a reference out, shown by entry 798 in the secondary table750, which references AF₁. At step 620, the media file system agent 240deletes entry 798 from the secondary table 750. At step 625, the mediafile system agent 240 determines if AF₁ has any other references in.Since the only reference in for AF₁ is from AF₃ (which is to be pruned),AF₁ does not have any other references in and can now be pruned. At step630, the media file system agent 240 then prunes AF₁ and adds atimestamp indicating that AF₁ was pruned at time T₂ at entry 774 of thedeleted archive file table 752. This entry now indicates that AF₁ hasbeen pruned at time T₂.

At step 635, the media file system agent 240 determines if AF₃ has anyreferences in. AF₃ has no references in listed in the secondary table750. The media file system agent thus can prune AF₃. At step 650, themedia file system agent 240 prunes AF₃. At step 655, the media filesystem agent 240 adds the entry 776 to the deleted archive file table752 with a deleted timestamp as T₂. The process 600 then concludes.

The pruning process 600 thus enables the system to maximize availablestorage space for storing archive files by storing them efficiently andthen deleting or pruning them when it is no longer necessary to storethem. The pruning process 600 may have additional or fewer steps thanthe ones described, or the order may vary other than what is described.For example, instead of the media file system agent 240 adding atimestamp to an entry in the deleted archive file table 752 to indicatewhen the archive file was pruned, the media file system agent may simplydelete the entry from the deleted archive file table 752. As anotherexample, entries in the primary table 700 may also be deleted when thecorresponding archive files are deleted. Those of skill in the art willunderstand that other variations are of course possible.

Sub-Object-Level Deduplication

Instead of deduplication of data objects, deduplication can be performedon a sub-object level in a substantially similar fashion to thatdescribed previously with respect to object-level deduplication. Asub-object is a set of blocks that forms a proper subset of all of theblocks within a file or data object. That is, for a file consisting of nblocks, the largest sub-object of the file comprises at most n−1 blocks.An object may thus comprise two or more sub-objects, and be a logicaldivision of the data object. For example, a .pst file may include two ormore sub-objects: a first sub-object that stores emails from a user'smailbox, and one or more sub-objects that stores attachments or otherdata objects associated with the user's mailbox (e.g. subfolders, sharedfolders, etc.) The deduplication module 299 may include an objectdivision component (not shown) that divides data objects, such as files,into sub-objects. The object division component may receive files orobjects, divide the files into two or more sub-objects, and thendeduplicate the two or more sub-objects as described previously withrespect to object-level deduplication.

The object division component may perform different processes whendetermining how to divide a data object. For example, the objectdivision component may include indexing, header, and other identifyinginformation or metadata in a first sub-object and the payload in othersub-objects. The object division component may follow a rules-basedprocess when dividing a data object. The rules may define a minimum ormaximum data size for a sub-object, a time of creation for data within asub-object, a type of data within a sub-object, and so on.

For example, the object division component may divide a user mailbox(such as a .pst file) into a number of sub-objects, based on variousrules that assign emails within the mailbox to sub-objects based on themetadata associated with the emails. The object division component mayplace an index of the mailbox (and its various subfolders) in a firstsub-object and all emails for that mailbox in other sub-objects. Theobject division component may then divide the other sub-objects based ondates of creation, deletion or reception of the emails, size of theemails, sender of the emails, type of emails, and so on. Thus, as anexample, the object division component may divide a mailbox as follows:

User1/Sub-object1 Index User1/Sub-object2 Sent emails User1/Sub-object3Received emails User1/Sub-object4 Deleted emails User1/Sub-object5 AllAttachments.Of course, other divisions are possible. Sub-objects may not necessarilyfall within logical divisions. For example, the object divisioncomponent may divide a data object based on information or instructionsnot associated with the data object, such as information about datastorage resources, information about a target cloud storage site,historical information about previous divisions, and so on.Once the division component has divided an object into sub-objects,deduplication of the sub-objects proceeds in substantially the samefashion as described previously with respect to object-leveldeduplication. To do this, the deduplication module determines, byanalyzing data structures in the deduplication database in view of thesub-object's identifier, whether the sub-object of data is alreadystored on a cloud storage site. If it is, then the secondary storagecomputing device 1) stores a link to the already stored sub-object ofdata in a metadata file and 2) discards the sub-object of data from thememory buffer. If it is not already stored, then the secondary storagecomputing device 165 stores the sub-object of data in a container file.A link or pointer may comprise a URL to a data object or file within acloud storage site 115A-N.

Block-Level Deduplication

Instead of deduplication of files, data objects or sub-objects,deduplication can be performed on a block level. Files can be brokeninto blocks and deduplicated by the deduplication module 299. Typicallyblocks are fixed sizes, such as 64 Kb or 128 Kb. In such embodiments,typically, the clients 130 will generate the identifiers, sincedistributed identifier generation may free up the deduplication module299 to perform other operations (e.g., storing data, retrieving data,etc.). The clients 130 typically send the blocks of data and other data(e.g., metadata and/or the data that is not eligible for deduplication)in a data stream to the deduplication module 299. A deduplication module299 receives blocks of data from the clients 130 and accesses adeduplication database 297 to determine whether a sufficient number ofinstances of each block have been appropriately stored. To do this, thesystem determines, by analyzing data structures in the deduplicationdatabase 297 in view of the block's identifier, the number of instancesof each block of data that is already appropriately stored on a cloudstorage site. During this lookup, to determine whether prior instanceswere appropriately stored, the system may only consider those instancesof the object stored on certain cloud storage sites 115 and/or certainclasses of cloud storage sites 115. For example, the deduplicationmodule 299 may restrict the lookup to those cloud storage sites 115 thatwould satisfy storage policy parameters applicable to each block, suchas class of storage used for the object (e.g. data security associatedwith a particular cloud storage site). Additionally, during this lookup,the deduplication database 297 may restrict the lookup to only thoseinstances of a block stored within a certain time frame. For example,the deduplication database 297 may restrict lookup only to thoseinstances stored within secondary storage in the last seven years.

If an appropriate number of instances of a block have already beenappropriately stored, then the deduplication module 299 1) stores a linkto the already stored block of data in a metadata file and 2) discardsthe block of data from the memory buffer. If it is not already stored,the deduplication module 299 stores the block of data in a containerfile. A link or pointer may comprise a URL to a block or file within acloud storage site 115A-N.

Because the size of a block of data and associated metadata is typicallyless than the size of a memory buffer, the deduplication module 299 cankeep a single block of data in a single memory buffer while it looks upits identifier in the deduplication database 297. This allows thededuplication module to avoid writing the block of data to a disk (anoperation that is typically slower than storing the block of data in aRAM buffer) until the deduplication module determines that it needs tostore the block of data in a container file on a cloud storage site. Thededuplication module 299 stores data that is not eligible fordeduplication in metadata files.

Alternatively, the clients 130 may transmit only the identifiers to thededuplication module 299 for lookup in the deduplication database 297.If the deduplication module 299 determines that an instance of a blockhas not already been stored on the cloud storage site 115, thededuplication module 299 can instruct the client 130 to send a copy ofthe block to the deduplication module, which it then stores on the cloudstorage site 115. Alternatively, the client 130 itself can send the copyof the block to the cloud storage site 115.

By storing multiple blocks of data in a single container file, thededuplication module 299 avoids storing each block of data as a separatefile on the file systems of the cloud storage sites. This reduces thenumber of files that would be stored on the file systems of the cloudstorage sites, thereby ensuring that the cloud storage sites canadequately store the data of the clients 130 in the data storage system.

One advantage of these techniques is that they significantly reduce thenumber of files stored on a file system of a client or cloud storagesite. This is at least partly due to the storage of data blocks withinthe container files. Even if the deduplication module performs numerousstorage operations, these techniques will result in storing far fewerfiles on the file system than storage operations where each data blockis stored as a separate file. Therefore, the file system of the clientor cloud storage site may not necessarily have to contend with storingexcessively large numbers of files, such as millions of files or more.Accordingly, these techniques enable very large numbers of blocks ofdata to be stored without regard to limitations of the file system ofthe client or cloud storage site.

However, the storage of blocks of data in container files may createadditional complexities when it comes time to prune or delete data. Thisis because a container file may contain blocks of data that arereferenced by links in metadata files and thus cannot be deleted, asthese blocks of data typically still need to be stored on the cloudstorage sites. Furthermore, because the blocks of data are not stored asfiles on the file systems of the cloud storage sites, they cannot bedirectly referenced by the file system.

The systems and methods described herein provide solutions to theseproblems. The deduplication module creates the container files as sparsefiles (typically only on operating systems that support sparse files,e.g., Windows operating systems, but also on other operating systemsthat support sparse files). A sparse file is type of file that mayinclude empty space (e.g., a sparse file may have real data within it,such as at the beginning of the file and/or at the end of the file, butmay also have empty space in it that is not storing actual data, such asa contiguous range of bytes all having a value of zero). Second, thededuplication module maintains a separate index that stores anindication of whether blocks of data in container files are referred toby links in metadata files. In some examples, this can be thought of ascreating another file system on top of the existing file systems of thecloud storage sites that keeps track of blocks of data in the containerfiles.

When a block of data is not referred to and does not need to be stored,the deduplication module can prune it. To prune data, the deduplicationmodule accesses the separate index to determine the blocks of data thatare not referred to by links. On operating systems that support sparsefiles, the deduplication module can free up space in the container filescorresponding to those blocks of data by marking the portions of thephysical media corresponding to the unreferenced portions of thecontainer file as available for storage (e.g., by zeroing out thecorresponding bytes in the container files). On operating systems thatdo not support sparse files, the deduplication module can free up spacein the container files by truncating the extreme portions of thecontainer files (e.g., the beginnings and/or the ends of the containerfiles), thereby making the corresponding portions of the physical mediaavailable to store other data. Freeing up space in container filesallows the operating system to utilize the freed-up space in otherfashions (e.g., other programs may utilize the freed-up space).

Data Structures for Block-Level Deduplication

FIG. 8 is a diagram illustrating data structures that may be used tostore blocks of deduplicated data and non-deduplicated data on the cloudstorage site 115 in an archive format. The data structures include oneor more volume folders 802, one or more chunk folders 804/805 within avolume folder 802, and multiple files within a chunk folder 804. Eachchunk folder 804/805 includes a metadata file 806/807, a metadata indexfile 808/809, one or more container files 810/811/813, and a containerindex file 812/814. The metadata file 806/807 stores non-deduplicateddata blocks as well as links to deduplicated data blocks stored incontainer files. The metadata index file 808/809 stores an index to thedata in the metadata file 806/807. The container files 810/811/813 storededuplicated data blocks. The container index file 812/814 stores anindex to the container files 810/811/813. Among other things, thecontainer index file 812/814 stores an indication of whether acorresponding block in a container file 810/811/813 is referred to by alink in a metadata file 806/807. For example, data block B2 in thecontainer file 810 is referred to by a link in the metadata file 807 inthe chunk folder 805. Accordingly, the corresponding index entry in thecontainer index file 812 indicates that the data block B2 in thecontainer file 810 is referred to. As another example, data block B1 inthe container file 811 is referred to by a link in the metadata file807, and so the corresponding index entry in the container index file812 indicates that this data block is referred to.

As an example, the data structures illustrated in FIG. 8 may have beencreated as a result of two storage operations involving two clients 130.For example, a first storage operation on a first client 130 couldresult in the creation of the first chunk folder 804, and a secondstorage operation on a second client 130 could result in the creation ofthe second chunk folder 805. The container files 810, 811 in the firstchunk folder 804 would contain the blocks of deduplicated data of thefirst client 130. If the two clients 130 have substantially similardata, the second storage operation on the data of the second client 130would result in the media file system agent 240 storing primarily linksto the data blocks of the first client 130 that are already stored inthe container files 810, 811. Accordingly, while a first storageoperation may result in storing nearly all of the data subject to thestorage operation, subsequent storage operations involving storage ofsimilar data on the same cloud storage site 115 (or another appropriatecloud storage site) may result in substantial data storage spacesavings, because links to already stored data blocks can be storedinstead of additional instances of data blocks.

If the cloud storage site 115 (or operating system of the cloud storagesite) supports sparse files, then when the media file system agent 240creates container files 810, 811, 813, it can create them as sparsefiles. A sparse file is type of file that may include empty space (e.g.,a sparse file may have real data within it, such as at the beginning ofthe file and/or at the end of the file, but may also have empty space init that is not storing actual data, such as a contiguous range of bytesall having a value of zero). Having the container files 810, 811, 813 besparse files allows the media file system agent 240 to free up space inthe container files 810, 811, 813 when blocks of data in the containerfiles 810, 811, 813 no longer need to be stored on the cloud storagesites 115. In some examples, the media file system agent 240 creates anew container file 810, 811, 813 when a container file either includes100 blocks of data or when the size of the container file 810 exceeds 50Mb. In other examples, the media file system agent 240 creates a newcontainer file 810, 811, 813 when a container file satisfies othercriteria (e.g., it contains from approximately 100 to approximately1,000 blocks or when its size exceeds approximately 50 Mb to 1 Gb).Those of skill in the art will understand that the media file systemagent 240 can create a new container file 810, 811, 813 when othercriteria are met.

One advantage of the data structures illustrated in FIG. 8 and/or of thetechniques described herein is that they significantly reduce the numberof files transferred and stored on a file system of the cloud storagesite 115. This is at least partly due to the storage of data blockswithin the container files 810, 811, 813. Even if numerous storageoperations using these data structures are performed, there will be farfewer files on the cloud storage site 115 than there would be in storageoperations where each data block is stored as a separate file.Therefore, the client computers need not transfer certain blocks orfiles, and the file system of the cloud storage site 115 may notnecessarily have to contend with storing excessively large numbers offiles, such as millions of files or more. Accordingly, the systems andmethods described herein enable very large numbers of blocks of data tobe stored without regard to limitations of the file system of the cloudstorage site 115.

Another advantage is that the data storage system enables a reduction inthe amount of blocks of data stored on the cloud storage sites 115,while still maintaining at least one instance of each block of data inprimary data. In examples where the data storage system stores avariable number of instances of blocks of data, blocks of data can bedistributed across two or more cloud storage sites 115, thereby adding afurther aspect of redundancy.

Another advantage is that the metadata files 806, 807, the metadataindex files 808, 809, the container files 810, 811, 813, and/or thecontainer index files 812, 814 could be used to replicate the datastored in the deduplication database 297, or to reconstruct thededuplication database 297 if the data of the deduplication database 297is ever lost and/or corrupted.

The storage of data blocks in the container files may create additionalcomplexities when it comes time to prune (delete) data blocks that thedata storage system no longer need retain. This is because the datablocks are not stored as files on the file system on the cloud storagesite 115 and thus cannot be directly referenced by the file system. Asdescribed in detail herein, the media file system agent 240 uses thecontainer index files 812, 814 to keep track of which blocks of data arereferenced and thus which blocks are not prunable (deletable).

In some examples, the use of the container index files 812, 814, themetadata index files 808, 809, and/or the primary and secondary tables700, 750 to track data acts as a driver, agent or an additional filesystem that is layered on top of the existing file system of the cloudstorage site 115. This driver/agent/additional file system allows thedata storage system to efficiently keep track of very large numbers ofblocks of data, without regard to any limitations of the file systems ofthe cloud storage sites 115. Accordingly, the data storage system canstore very large numbers of blocks of data.

Accordingly, the data structures illustrated in FIG. 8 and thetechniques described herein enable the performance of multiple storageoperations cumulatively involving very large amounts of data, whilestill allowing for recovery of space on the cloud storage site 115 whenstorage of certain data blocks is no longer required. For example, thedata of numerous clients 130 can be protected without having to storeredundant copies or instances of data blocks. Space on the cloud storagesite 115 can also be recovered when it is no longer necessary to storecertain data blocks. Accordingly, storage operations involving verylarge amounts of data are enabled and optimized by the techniquesdescribed herein.

Deduplication Databases to Enable Containerized Deduplication toCloud-Based Storage

In some embodiments, the deduplication database 297 may maintain aprimary block table and a secondary block table. The primary table mayinclude an identifier column in which a data block identifier is stored,a location column in which a location of the data block in a containerfile is stored, an offset column indicating the offset within thecontainer file corresponding to the location of the data block, and areference count column, which contains a reference count of the numberof links that refer to the data block. The location column may includeURLs that indicate storage locations on cloud storage sites 115A-N. Anexample primary block table is shown below in Table 1.

TABLE 1 Primary Block Table Reference Identifier Location Offset Count0xA1B3FG http://www.storecloud.com/ 10 2 companyname/V_3/Chunk_1/ContainerFile 001 0xFG329A http://www.storecloud.com/  6 0companyname/V_1/Chunk_5/ ContainerFile 002 0xC13804http://www.storecloud.com/ 38 1 companyname/V_2/Chunk_1/ ContainerFile001 . . . . . . . . . . . .

For example, row 1 includes information about a data block for which theidentifier is “0xA1B3FG.” This data block is located in the containerfile that is indicated in the location column, at an offset of 10 withinthe container file. As shown, the URL indicates a cloud storage site(“storecloud.com”) used to store the container file. As indicated in thereference count column, this data block is referred to twice, meaningthat there are two links that refer to the data block. As anotherexample, row 2 includes information about a data block for which theidentifier is “0xC13804.” The location of this data block is indicatedin the location column at an offset of 38 within the container file, andit is referred to one other time, by one link.

A secondary block table includes information about links that refer todata blocks. The secondary block table includes an identifier column, areferring location column, and an offset column. The referring locationcolumn may include URLs that indicate storage locations on cloud storagesites 115A-N. An example secondary block table is shown below in Table2.

TABLE 2 Secondary Block Table Identifier Referring Location Offset0xA1B3FG http://www.storecloud.com/companyname/  5V_3/Chunk_1/MetaDataFile001 0xA1B3FG http://www.2ndCloud.com/co_name/ 15V_4/Chunk_18/MetaDataFile003 0xC13804http://www.storecloud.com/companyname/ 19 V_3/Chunk_2/MetaDataFile001 .. . . . . . . .

For example, the first row includes information about a reference to thedata block having the identifier of “0xA1B3FG” (the first row in theprimary block table). The location of the link (within a first cloudstorage site) is indicated in the second column, at an offset of fivewithin the indicated metadata file. As another example, the second rowincludes information about another reference to the data block havingthe identifier of “0xA1B3FG.” This location of the link (within a secondcloud storage site “2ndCloud”) is indicated in the second column, at anoffset of 15 within the indicated metadata file. As another example, thethird row includes information about a reference to the block for whichthe identifier is “0xC13804” (the second row in the primary blocktable). The location of the link is indicated in the second column, atan offset of 19 within the indicated metadata file.

The system may maintain similar primary and secondary tables tofacilitate object-level and/or sub-object level deduplication processes.For example, a deduplication database 297 may maintain a primary objecttable and a secondary object table having similar fields to those shownin Tables 1 and 2, respectively. In such an example, each entry in aprimary object table corresponds to a stored data object. Each entry ina primary object table corresponds to a reference to a stored dataobject.

Pruning Block-Level Deduplicated Data

FIG. 9 is a flow diagram of another process 900 for pruning deduplicateddata blocks that may be employed in some examples. The process 900 isdescribed as being performed by the media file system agent 240,although those of skill in the art will understand that aspects of theprocess 900 may be performed by any of the entities described herein.The process 900 begins at step 905 when the media file system agent 240receives instructions to prune data corresponding to a storage operation(job). Additionally or alternatively, one or more files can be selectedto be pruned, and/or one or more data blocks can be selected to bepruned. This selection of a job or other data to be deleted can be mademanually, such as by an administrator, or automatically, such as by thejob, files, and/or data blocks aging out by a retention policy.

As previously noted, the data structures illustrated in FIG. 8 may havebeen created as a result of two jobs involving two clients 130. Forexample, a first job on a first client 130 could result in the creationof the first chunk folder 804, and a second job on a second client 130could result in the creation of the second chunk folder 805. The process900 is described using this example. More specifically, the process 900is described below as pruning the data created as a result of the firstjob. Of course, a similar process may be used to delete other jobs, oreven smaller increments of data or data objects, such as individualfiles or blocks.

At step 907 the media file system agent 240 determines the file, e.g.,archive file, and the volume folders 802 and chunk folder 804corresponding to the job to be pruned. The media file system agent 240may do so, for example, by analyzing various data structures todetermine this information. At step 910 the media file system agent 240deletes the metadata file 806 and the metadata index file 808 in thechunk folder 804. The media file system agent 240 can delete themetadata file 806 and the metadata index file 808 in this examplebecause these files include data that is not referenced by any otherdata.

At step 915 the media file system agent 240 accesses the container file810 and the container index file 812 in the chunk folder 804. The mediafile system agent 240 begins iterating through the data blocks in thecontainer files 810. At step 920, beginning with a first block in thecontainer file 810, the media file system agent 240 accesses the primaryblock table in the deduplication database 297. The media file systemagent 240 determines from the primary block table whether the referencecount of a data block in the container file 810 is equal to zero. If so,this indicates that there are no references to the data block. Theprocess 900 then continues at step 925, where the media file systemagent 240 sets the entry in the container index file 812 correspondingto the data block equal to zero, thus indicating that there are noreferences to the data block, and it is therefore prunable.

If the reference count of a data block is not equal to zero, then thedata block is not prunable, and the process 900 continues at step 930.At this step, the media file system agent 240 determines whether thereare more data blocks in the container file 810. If so, the process 900returns to step 920, where it accesses the next data block. If there areno more data blocks in the container file 810, the process 900 continuesat step 932, where the media file system agent 240 determines whetherall the entries in the container index file 812 corresponding to thecontainer file 810 are equal to zero. As illustrated in FIG. 8, thesecond index entry in the container index file 812 is not equal to zero,thus indicating that the corresponding block in container file 810 isreferenced (by data in the chunk folder 805, as earlier described).Accordingly, the container file 810 cannot be deleted.

However, if the container file 810 did not contain any referenced datablocks, then at step 933, the media file system agent 240 would deletethe container file 810. The process would then continue at step 935,where the media file system agent 240 determines whether there are morecontainer files. According to the example as illustrated in FIG. 8,there is an additional container file 811. The process 900 then returnsto step 915, where it performs the same steps 920-933 for container file811. As a result of performing these steps, the media file system agent240 would also determine that the container file 811 cannot be deleted,because it contains a data block that is referenced (by data in thechunk folder 805, as earlier described).

After processing container files 810, 811, the process 900 continues atstep 940, where the media file system agent 240 determines whether tofree up storage space in the container files 810, 811. The media filesystem agent 240 may do so using various techniques. For example, if theoperating system of the media file system agent 240 supports sparsefiles, then the media file system agent 240 may free up space by zeroingout the bytes in the container files corresponding to the space to befreed up. For a number of contiguous blocks (e.g., a threshold number ofcontiguous blocks, such as three contiguous blocks) for which thecorresponding entries in the container index file 812 indicate that theblocks are not being referred to, then the media file system agent 240may mark these portions of the container files 810, 811 as available forstorage by the operating system or the file system. The media filesystem agent 240 may do so by calling an API of the operating system tomark the unreferenced portions of the container files 810, 811 asavailable for storage.

The media file system agent 240 may use certain optimizations to managethe number of times portions of the container file are marked asavailable for storage, such as only zeroing out bytes in container fileswhen a threshold number of unreferenced contiguous blocks is reached(e.g., three unreferenced contiguous blocks). These optimizations mayresult in less overhead for the operating system because it reduces thenumber of contiguous ranges of zero-value bytes in the container files810, 811 that the operating system must keep track of (e.g., it reducesthe amount of metadata about portions of the container files 810, 811that are available for storage).

If the operating system of the media file system agent 240 does notsupport sparse files, then the media file system agent 240 may free upspace by truncating either the beginning or the end of the containerfiles 810, 811 (removing or deleting data at the beginning or end of thecontainer files 810, 811). The media file system agent 240 may do so bycalling an API of the operating system, or by operating directly on thecontainer files 810, 811. For example, if a certain number of the lastblocks of the container file are not being referred to, the media filesystem agent 240 may truncate these portions of the container files 810,811. Other techniques may be used to free up space in the containerfiles 810, 811 for storage of other data. At step 945 the media filesystem agent 240 frees up space in the container files 810, 811. Theprocess 900 then concludes.

As a result of the process 900, the chunk folder 804 would contain onlythe container files 810, 811 and the container index file 812. At alater time, when the chunk folder 805 is pruned (when the job thatcreated this chunk folder is selected to be pruned), then the containerfiles 810, 811 in the chunk folder 804 can be deleted, because they nolonger contain data blocks that are referenced by other data. Therefore,pruning data corresponding to a job may also result in pruning datacorresponding to an earlier job, because the data corresponding to theearlier job is no longer referenced by the later job.

Although the process 900 is described with reference to the pruning ofdata corresponding to jobs (one or more storage operations), other datacan also be pruned. For example, an administrator may wish to deletededuplicated data but retain non-deduplicated data. In such case, theadministrator may instruct the media file system agent 240 to delete thecontainer files 810, 811, 813 but retain the metadata files 806, 807 andmetadata index files 808, 809. As another example, an administrator orstorage policy may delete one or more specific files. In such case, themedia file system agent 240 deletes the data blocks in the containerfiles 810, 811, 813 corresponding to the specific files but retainsother data blocks. The process 900 may include fewer or more steps thanthose described herein to accommodate these other pruning examples.Those of skill in the art will understand that data can be pruned invarious fashions and, therefore, that the process 900 is not limited tothe steps described herein.

Containerizing Deduplicated Data for Storage in the Cloud

During a storage operation that utilizes deduplication, it may bedesirable to determine a suitable container file size, particularly ifthe storage operation will result in the container files being stored ona target cloud storage site 115A-N. As described previously, a singlestorage operation that utilizes deduplication may result in as few asthree container files being created in a secondary cloud storage site115, such as three for each company storing data to that cloud storagesite. The contents of the few container files may reflect the content ofthousands of data objects and/or millions of data blocks in primarystorage. By containerizing the objects or blocks, the system reduces thestrain on the file system namespace of the secondary cloud storage site115, since it reduces the number of files stored on the file system ofthe cloud storage site 115. The fewer container files used per storageoperation, the less strain there is on the file system namespace of thesecondary cloud storage site 115. Thus, by using larger container files,the system may reduce namespace strain on the secondary cloud storagesite 115.

When creating or writing container files to a target cloud storage site115A-N used as a secondary cloud storage site, the characteristics ofthe WAN network connection used to transfer the container files from themedia file system agent 140 to the cloud storage site 115A-N may imposeother restrictions upon the size of container files used. For example,the bandwidth of the network connection may impose an upper limit on thesize of container files that may be used (e.g., an upper limit ofapproximately 1000 blocks). If the network connection has low bandwidth,the upload of large container files to the cloud storage site may proveprohibitively slow. Also, the restoration of a particular data object orblock may require the retrieval of the entire container file comprisingthat data object/block from the cloud storage site; if the containerfile is too large for a low-bandwidth network, then restoration timesmay become prohibitively slow. As another example, the latency of thenetwork connection may impose a lower limit on the size of containerfiles that may be used. This is because the total time needed to performa storage operation may be increased if for each container file createdand transferred to the target cloud storage site, the system must slowlytransmit the container file and/or await a response from the cloudstorage site 115A-N before processing the next container file in thestorage operation.

Other factors may also affect the choice of size for container files.For example, some cloud storage sites 115A-N may not support sparsefiles and thus not support sparsification of container files. In thissituation, smaller container files may be desirable, because then itbecomes more likely the system will be able to prune entire containerfiles from the cloud storage site 115A-N, even if it cannot prune outindividual blocks/objects using sparsification techniques. As anotherexample, a particular cloud storage site 115A-N may have a pricingstructure that charges both for the total amount of storage used (e.g.,total gigabytes or petabytes used) and the number of files ordirectories used on the site. If the cloud storage site 115A-N bases itscharges on the number of files or directories used on the site, largercontainer files may be desirable. In some embodiments, the system mayalso additionally impose an absolute upper or lower limit on the size ofcontainer files used. For example, the system may impose an upper limiton the size of container files in order to minimize the amount of timeit takes the system to traverse a container file during datarestoration. For example, in some embodiments, the system may impose anabsolute 100 block size upon container files, even if the networkbandwidth would theoretically allow for larger container files. Asanother example, the system may impose an absolute lower limit on thesize of container files used, since there may be overhead costs (e.g.,processing time and/or memory used) for each additional container fileused in a storage operation.

Thus, the deduplication module 299 or another system component mayperform the following process to establish a container size for astorage operation. The deduplication module 299 or system may (1)determine the average latency and bandwidth of the network connectionbetween the target cloud storage site 115A-N and the media file systemagent 240 (or similar metrics regarding the network connection, e.g.,maximum latency and minimum bandwidth), (2) determine any namespacerestrictions imposed by the target cloud storage site 115A, (3)determine whether the target cloud storage site 115A-N supports thesparsification of data files, (4) determine the pricing structure usedby the target cloud storage site, (5) determine any caps set by thesystem upon container file size, and (6) perform an optimization toestablish a container size for the storage operation reflecting one ormore of these determined factors and/or other factors (e.g., such asuser input).

Alternatively, the system may permit a user to select the container sizethat will be used for one or more storage operations. Stillalternatively, the user or the system may establish for all storageoperations, the container size that will be used for a particular cloudstorage site or all cloud storage sites.

Indexing of Data

As noted above for FIG. 3B, the system may index data to be stored at acloud storage site, such as before the data is sent to the cloud storagesite. Some details on suitable content indexing techniques will now bepresented. Further details may be found in the assignee's U.S. PatentPublication No. 2009-0287665, filed Jul. 29, 2009, entitled METHOD ANDSYSTEM FOR SEARCHING STORED DATA. FIG. 10 is a flow diagram thatillustrates the processing of a content indexing component 205 for latersearching, according to one embodiment. The component is invoked whennew content is available or additional content is ready to be added tothe content index. In step 1010, the component selects a copy of thedata to be indexed. For example, the copy may be a secondary copy of thedata, a data snapshot, or data stored or being stored in an archivecopy. In step 1020, the component identifies content within the copy ofthe data. For example, the component may identify data files such asword processing documents, spreadsheets, and presentation slides withinthe secondary data store. The system may check the data againstpreviously indexed data, and only index new or additional data. In step1030, the component updates an index of the content to make theidentified content available for searching. The system may parse,process, and store the data. For example, the component may addinformation such as the location of the content, keywords found withinthe content, and other supplemental information about the content thatmay be helpful for locating the content during a search. In one example,the content indexing component updates a content index stored within theSS index 261, SS light index 247 and/or the management light index 245and/or management index 211. After step 1030, these steps conclude.

FIG. 11 illustrates some of the data structures used by the system tofacilitate content indexing. While the term “field” and “record” areused herein when describing certain data structures, the systemdescribed herein may employ any type of data structure. For example,relevant data can have preceding headers, or other overhead datapreceding (or following) the relevant data. Alternatively, relevant datacan avoid the use of any overhead data, such as headers, and simply berecognized by a certain byte or series of bytes within a serial datastream. Any number of data structures and types can be employed herein.

FIG. 11 illustrates a data structure containing entries of a contentindex. In some embodiments, a copy of the content index shown (or a copyof a subset of the content index shown) may be stored within the SSindex 261, SS light index 247 and/or the management light index 245and/or management index 211. The offline content indexing system usesthis and similar data structures to provide more intelligent contentindexing. For example, the offline content indexing system may indexmultiple copies of data and data available from the multiple copiesusing a secondary copy of data stored on media with a higheravailability based on the location or other attributes indicated by thedata structure described below. As another example, the offline contentindexing system may prefer an unencrypted copy of the data to anencrypted copy to avoid wasting time unnecessarily decrypting the data.

The table 1100 contains a location column 1110, a keywords column 1120,a user tags column 1130, an application column 1140, and an availablecolumn 1150. The table 1100 contains five sample entries. The firstentry 1160 specifies that the location of a file is on a corporateintranet by using a web universal resource locator (“URL”). The entry1160 contains keywords “finance,” “profit,” and “loss” that identifycontent within the file. The entry 1160 contains tags added by a userthat specify that the content comes from the accounting department andis confidential. The entry 1160 indicates that a spreadsheet programtypically consumes the content, and that the entry is immediatelyavailable.

Another entry 1170 specifies that data is stored on a local tape that isa personal email, and can be available in about an hour. Another entry1180 specifies an offsite tape holds a presentation related to acancelled project. The entry 1180 refers to offsite data that isavailable within one week due to the delay of retrieving the archiveddata from the offsite location. Another entry 1190 specifies that thelocation of a word processing document containing data relating to CEOcompensation is in a cloud storage site by using a URL that points to adeduplicated archive file that may be implemented by a data structuresimilar to those shown in FIGS. 5A-D and/or FIG. 8. As shown, theestimated retrieval time from this cloud storage site is 15 minutes.Another entry 1195 specifies that the location of a personal emailrelating to a medical condition is stored in a second cloud storage siteby using another URL that points to a deduplicated archive file that maybe implemented by a data structure similar to those shown in FIGS. 5A-Dand/or FIG. 8. As shown, the estimated retrieval time from this cloudstorage site is 1 hour.

Policy-Driven Storage of Data Across Cloud Storage Sites

Referring again to FIG. 3B, at step 330, the system stores deduplicateddata (or “dehydrated data”) in secondary cloud storage by utilizing themedia file system agent 240 to perform file system operations (such as a“write” operation) on a target cloud storage site 115A. To determinewhich target cloud storage site the media file system agent 240 shouldwrite to, the media file system agent 240 may retrieve an applicablestorage policy (described previously with respect to FIG. 2) and act inaccordance therewith. For example, the media file system agent 240 mayretrieve a storage policy stored in management index 211 that specifiesthat all email objects (and blocks contained therein) should be storedon cloud storage site 115A, while document objects (and blocks containedtherein) should be stored on cloud storage site 115B. As anotherexample, the storage policy stored in management index 211 may specifythat all objects related to a particular client 130 or particular user(e.g., a company CEO) should be stored on a more expensive or reliablecloud storage site 115A while all other objects for all other clients130 and/or users should be stored on a less expensive or less reliablecloud storage site 115B. As yet another example, at block 330, thesystem may review the historical performance achieved by various targetcloud storage sites 115A-N to determine which sites have historicallyachieved the desired performance metrics mandated by a storage policy.Additionally, the system may select a cloud storage site that has betterhistorical performance than other sites.

As another example, a storage policy may specify that a first type offiles should be retained for one year in a first target cloud storagesite 115A, that a second type of files should be retained for sevenyears in a second cloud storage site 115B, and that a third type offiles should be retained indefinitely in a third cloud storage site115N. As yet another example, a storage policy may specify that a firsttype of files (e.g., secondary disk copies needed for rapid disasterrecovery) be stored only in storage sites 115, including cloud storagesites 115A-N, that can provide sufficient bandwidth, network capacity orother performance to ensure that the time needed to recover a file fromthe storage device 115 (e.g., cloud storage site 115A-N) is less aspecified recovery time objective.

Restoring Dehydrated Data Objects from Cloud Storage Sites

After a storage operation has resulted in the storage of dehydrated dataon a cloud storage site 115A-N, it may be necessary to later restoresome or all of the original data files, objects, sub-objects, or blocksthat were archived during the storage operation. For example, a user orcustomer of a cloud storage site may wish to retrieve a file that wascopied to the cloud storage site in dehydrated form if a primary copy ofthat file is no longer available on the user's client 130. As anotherexample, to comply with an electronic discovery request, it may benecessary to retrieve an archived version of a particular file. Somedetails on suitable techniques for restoring files and objects fromdehydrated data will now be presented. Further details may be found inthe assignee's U.S. patent application Ser. No. 12/565,576, filed Sep.23, 2009, entitled SYSTEMS AND METHODS FOR MANAGING SINGLE INSTANCINGDATA

FIG. 12 is a flow diagram illustrating a process 1200 for restoring orretrieving data from chunk folders in an archive file format onsecondary storage. This process may be utilized to restore data objectsstored on cloud storage sites 115A-N. In order to do so, the systemidentifies the cloud storage site 115, the archive file on that cloudstorage site, the chunk file within that archive file, and further thelocation of the data object within that chunk file. At step 1205 aselection of a data object to restore is received, such as from anadministrator via a graphical interface. The process of restoring datathat has been deduplicated may be referred to herein as “rehydratingdeduplicated data.”

At step 1210 the media file system agent 240 is consulted to determinean archive file ID and an offset of the data object to be restored. Themedia file system agent 240 can determine this information from a datastructure, such as a tree index (for example, a c-tree may be used,which, in some examples, is a type of self-balancing b-tree), that itmaintains for each archive file. For example, an archive file may bebased on files 1 through n, with file 1 at offset 1, file 2 at offset 2,file n at offset n, and so on. The media file system agent 240 maintainsone tree index per full storage operation cycle. (A storage operationcycle consists of a cycle from one full storage operation of a set ofdata, including any intervening incremental storage operations, untilanother full storage operation is performed.) FIG. 13A illustrates anexample data structure 1300 that the media file system agent 240maintains. The data structure 1300 includes an archive file ID item 1310that contains the identifier of archive files, a file or data objectitem 1320 that contains the identifier of the file or data object, andan offset 1330 containing the offset of the file or data object withinthe archive file or cloud container.

The media file system agent 240 may also maintain a multiple-partidentifier, such as a five-part identifier, that includes an enterpriseor domain identifier (e.g., an identifier of a company/customer, agrouping of clients/companies, etc.), a client identifier to identify aparticular company, customer or host computer to connect to at thecustomer, an application type (e.g. if all Microsoft Word documents arestored together), a storage operation set identifier to identify whenthe storage operation data was obtained, and a sub-client identifier toprovide a further level of granularity within an enterprise to identifyan origin, location, or the use of the data (e.g., a file system on aclient could be a sub-client, or a database on a client could be asub-client).

Using the data structure maintained for the archive file, the media filesystem agent 240 determines the archive file ID and offset within thearchive file of the data object to be restored. The media file systemagent 240 then needs to determine which chunk contains the data object.To do so, the media file system agent 240 consults another server, suchas a storage manager 105 (discussed below), that has a data structurethat maps the archive file ID and offset to the specific media (as wellas the specific chunk file within the specific media, optionally). Forexample, the storage manager may maintain a database table that maps thearchive file ID to specific media, to a URL indicating the cloud storagesite location, or to a bar code number for a magnetic tape cartridgestoring that archive file.

FIG. 13B illustrates an example data structure 1350 that the storagemanager 109 maintains. The data structure 1350 includes an archive fileID item 1370 identifying a client, a storage operation job, a cycle, andan archive file ID, a media chunk item 1380 containing an identificationof the media containing the archive file and the chunk on the media thatcontains the archive file, and a start item 1390 that contains thearchive file ID, an offset, and a size. When utilizing a cloud storagesite, some or all of the entries in the media chunk column 1380 maycomprise a URL (e.g., a URL likehttps://www.cloudstorage.com/companyname/C/J/Y/1/C_(—)1.xml) thatreflects the location of the archive file within a specific cloudstorage site and/or reflects a website where the system may otherwiseaccess the archive file. The media file system agent 240 then canconsult a deduplication database 297 to determine the specific chunkthat corresponds to the data object to be restored.

At step 1215, the cloud storage server accesses a particular secondarystorage device and the specific media, such as a specific folder withina disk at a cloud storage site (indicated by a URL) or a specific tapecartridge in an automated tape library, is accessed. At step 1220 thecloud storage server opens the specific chunk folder, and the metadatafile is accessed. At step 1225, the metadata file is parsed until thestream header corresponding to the data object or block to be restoredis accessed. At step 1230, the cloud storage server determines thelocation of the file from the stream data. The stream data indicates thelocation of the data object to be restored, which is either in acontainer file in the chunk folder or within a container file in anotherchunk folder. At step 1235 the data object is retrieved or opened, andthe data object is read and streamed back to restore it for therequesting client/host/customer (block 1240). Each data object may havea piece of data appended to it (e.g., an EOF marker) that indicates tothe reader when to stop reading the data object. A similar piece of datamay be prepended (e.g., a BOF marker) to the data object. The process1200 then concludes.

Although the process of FIG. 12 and the data structures of FIG. 13 weredescribed with respect to object-level restoration and retrieval, onehaving skill in the art will appreciate that a system may employ asimilar process and similar data structures to restore and retrieveindividual blocks or sub-objects archived within a system.

Local Searching of Data Stored on Remote Cloud Storage Sites

As described previously, during the process of FIG. 3B, the system maygenerate one or more copies of a content index as shown in FIG. 11within the SS index 261, SS light index 147, the management light index245 and/or management index 211. Using this content index information,the system may provide local search capabilities. Some details onsuitable searching techniques will now be presented. Further details maybe found in the assignee's U.S. Patent Publication No. 2008-0091655,filed Mar. 30, 2007, entitled METHOD AND SYSTEM FOR OFFLINE INDEXING OFCONTENT AND CLASSIFYING STORED DATA. For example, the storage manager105 may receive and process a request to search the management index 211for files matching certain search criteria, and then return matchingfiles. By providing local searching of the content index information,the system may provide more cost-effective and/or faster searches ofdata archived or stored on a remote cloud storage site 115A-N, sincelocal searches of a local content index typically do not require filesystem calls to a cloud storage site other than to retrieve identifiedfiles stored therein.

FIG. 14 is a flow diagram that illustrates the processing of a searchrequest by the system, in one embodiment. In step 1410, the systemreceives a search request specifying criteria for finding matchingtarget content. For example, the search request may specify one or morekeywords that will be found in matching documents. The search requestmay also specify boolean operators, regular expressions, and othercommon search specifications to identify relationships and precedencebetween terms within the search query. In step 1420, the system searchesthe content index to identify matching content items that are added to aset of search results. For example, the system may identify documentscontaining specified keywords or other criteria and add these to a listof search results. In step 1425, the system generates search resultsbased on the content identified in the content index. In step 1430, thesystem selects the first search result. In decision step 1440, if thesearch result indicates that the identified content is archived, thenthe system continues at step 1450, else the system continues at step1455. For example, the content may be archived because it is on a remotecloud storage site.

In step 1450, the system retrieves the archived content, which mayutilize the data restoration methods discussed herein. Additionally oralternatively, the system may provide an estimate of the time requiredto retrieve the archived content and add this information to theselected search result. In decision step 1455, if there are more searchresults, then the system loops to step 1430 to get the next searchresults, else the system continues at step 1460. In step 1460, thesystem provides the search results in response to the search query. Forexample, the user may receive the search results through a web page thatlists the search results, or the search results may be provided toanother system for additional processing through an API. The system mayalso perform additional processing of the search results beforepresenting the search results to the user. For example, the system mayorder the search results, rank them by retrieval time, and so forth.After step 1460, these steps conclude.

Collaborative Searching

In some implementations, a cloud storage site may be integrated with acollaborative search system and collaborative document management systemto facilitate collaborative searching, data retrieval, and discovery.Some details on collaborative searching are provided below; furtherdetails may be found in the assignee's U.S. Patent Publication No.US-2008-0222108-A1, filed Oct. 17, 2007, entitled METHOD AND SYSTEM FORCOLLABORATIVE SEARCHING. Referring to FIG. 25, a block diagram 2500illustrating an architecture for integrating a collaborative searchsystem with a collaborative document management system is shown. Abrowser 2505 is used by collaborative participants as an interface toaccess the integrated system. A collaborative participant submitsqueries, receives results, and performs other collaborative tasksthrough the browser 2505. The browser 2505 is connected to acollaborative document management system 2510, such as the MicrosoftSharePoint Server. The collaborative document management system 2510provides a web-based portal for collaboration between collaborativeparticipants. The collaborative document management system 2510 isconnected to a collaborative search system 2520. The collaborativesearch system 2520 integrates with the collaborative document managementsystem 2510 and adds additional components, such as web components andcontent parsers, and provides access to cloud storage content. Thecollaborative search system 2520 is connected to not only one or morecloud storage sites 115, but also to local storage (e.g. a storageoperation cell 150), as well as to a security system 2540, and adocument retention system 2550.

The storage operation cell 150, as shown in FIG. 2, provides fast accessto content from various computer systems within an enterprise. Thesecurity system 2540 provides users and groups that are meaningful to aparticular enterprise to facilitate searching. The security system 2540also enforces access rights to collaborative content. The documentretention system 2550 places a legal hold on documents related to adocument retention request.

In some examples, the collaborative search system receives criteria fora search through a collaborative process. For example, one collaborativeparticipant may create a new query for responding to a discovery requestregarding a product made by the company that employs the collaborativeparticipant. The first collaborative participant may add search criteriaincluding the product name and then submit the search criteria to thecollaborative document management system 2510 as a collaborativedocument. Another collaborative participant may open the collaborativedocument and add additional search criteria, such as instructions tonarrow the list of departments from which documents should be searched.For example, the second participant may include the engineering,marketing, and sales teams that worked on the product. The collaborativesearch system 2520 may also add additional criteria inferred from thecriteria added by the collaborative participants. For example, based onthe company's indexed data the collaborative search system may determinethat two employees, one in a department already within the searchcriteria and another outside of the current search criteria, frequentlysend email about projects. Based on this information, the collaborativesearch system may add the user that is outside of the current searchcriteria to the search criteria, or it may prompt one of thecollaborative participants to consider adding the user to the searchcriteria.

Alternatively or additionally, the system may provide further features.For example, the system may add additional search criteria inferred fromdynamic changes made to the search criteria. The system may useheuristics type information when determining search criteria. Thecollaborative search system 2520 may defines workflows that define theset of steps that are part of completing a task. The collaborativesearch system 2520 may create a collaborative document based on a set ofsearch results. The collaborative document provides a mechanism formultiple collaborative participants to contribute to steps within aworkflow subsequent to the search process. In the example of a discoveryrequest, the steps of performing various levels of review of founddocuments can consume the majority of the time spent responding to thediscovery request, and a collaborative participant may reviewing eachdocument and flagging the document if it contains privileged content ordirectly add comments to documents within the search results. Thecollaborative search system 2520 provides a user interface through whicha collaborative participant may select from a set of templates thatdefine common search tasks, such as a Sarbanes-Oxley template thatinitiates a search for materials required to be disclosed under theSarbanes-Oxley Act.

The user interface of the collaborative search system 2520 may includecustom-developed web components to assist with the integration with thecollaborative document management system. For example, MicrosoftSharePoint Server provides an object model and API for accessingcollaborative features such as workflows and a search front-end that canbe invoked from custom web pages using the Active Server Page Framework(“ASPX”). The collaborative search system 2520 provides a user interfacethat does not require specialized software to be installed on thesearching client system. The collaborative search system may alsoprovide a set of parsers for viewing content from many differentsources, such as received in a list of search results, as web content.For example, the collaborative search system may provide a parser forconverting a word processing document into a Hypertext Markup Language(“HTML”) web page. Other parsers may convert spreadsheet content,database tables, instant messaging conversation logs, email, or otherstructured or unstructured content into a web page format accessible viaa collaborative participant's browser. In this way, heterogeneous datafrom many different applications is available through a unified searchuser interface.

FIG. 26 illustrates the integration of parsers with the collaborativedocument management system. The collaborative document management system2510 contains a configuration database 2630, a schema file 2640, one ormore dynamic web pages 2620, and one or more generated web pages 2610.When a collaborative participant accesses the collaborative documentmanagement system 2510, the collaborative document management system2510 consults the configuration database to determine what to display tothe collaborative participant based on factors such as the identity ofthe user, the particular web address the collaborative participantrequested, the access rights of the collaborative participant, the stateof previous requests by the collaborative participant to thecollaborative document management system, and so on. Based on thedetermined information to display, the collaborative document managementsystem consults the schema file 2640 to determine the layout of theinformation for display to the collaborative participant. The schemafile 2640 may include instructions based on predetermined layouts,dynamically determined layouts, templates to be included in the layout,and so on. At this point, one or more parsers 2650 may be consulted tomigrate data from one or more document types (e.g., 2660 and 2670) to anXML or other common format. The schema data is passed to an ASPX orother dynamic page 2620 that may use scripts and an object modelprovided by the collaborative document management system to identify,parse data types, and dynamically build a page with the content thatwill be displayed to the collaborative participant. For example, thesystem may present one or more templates described above. After thescripts are run, the dynamic page 2620 generates an HTML or othergeneric formatted page 2610 that is sent to the collaborativeparticipant's browser/GUI that will be displayed to the collaborativeparticipant.

The collaborative search system 2520 may integrate components forsearching data from multiple operating systems and multiple data formatsfrom multiple cloud storage sites. For example, file system data on aMicrosoft Windows computer system may be stored differently from filesystem data on a Linux computer system, but the collaborative searchsystem may make both types of file system data available for searching.Data may be gathered from each of these types of disparate data sourcesand forwarded to a uniform database where the data can be collected,tagged with various classifications, and indexed for searching. Thesystem may then display the data on differently formatted browsers.

Other implementations may integrate a collaborative document managementsystem 2510 and collaborative search system 2520 with another type ofstorage system that provides content indexing and search capabilitiescomparable to the storage operation cell 150 shown FIG. 2. For example,an implementation may integrate a collaborative document managementsystem and collaborative search system with a system shown in FIG. 15,FIG. 21 and/or FIG. 22, which are described in greater detail herein.

In some examples, the collaborative search system 2520 integratesinformation from the security system 2540. For example, thecollaborative search system may use Microsoft Windows Active Directoryto determine users whose content should be searched as part of adiscovery request. Active Directory contains all of the users in anorganization and organizes the users into groups. The security systemmay provide restrictions on access to content retrieved in response to asearch. For example, a temporary worker hired to find documents for asales pitch might not have access to documents associated withexecutives or documents that contain confidential company information.The collaborative search system can manage a workflow that containssteps performed by collaborative participants with varying levels ofaccess to content. For example, a company officer may be the onlycollaborative participant allowed to search for a particular set ofdocuments as part of a search request, while other collaborativeparticipants may be allowed to search for less restricted documents.

Cloud Gateway

As shown in FIG. 15, the system can include a “cloud gateway” 1540,which may include a network attached storage (“NAS”) filer 1505 or NAShead with a limited amount of local storage, and which advertisesCIFS/NFS interfaces out to clients 130 and cloud storage sites 115A-N.The local storage of the NAS filer 1505 of the cloud gateway 1540provides a way to satisfy incoming data writes from clients 130 quickly,and to buffer or spool data before it is transferred to cloud storagesites 115A-N or other cloud storage sites 115 (not shown). The cloudgateway 1540 may include functionality to de-duplicate locally storeddata before being written up to cloud storage sites 115A-N, both ofwhich may be done on a fairly rapid or aggressive schedule.

In addition to providing REST-based methods to input and output datafrom the system, the cloud gateway 1540 may also provide conventionalmethods of accessing data via a NAS filer 1505 such as via Web-basedDistributed Authoring and Versioning (WebDAV) and CIFS/NFS methods, thusmaking it easy for users and applications to read and write data tocloud storage sites 115A-N without significant changes to their currentmode of working.

Overall, users and applications can specify parameters (e.g., under astorage policy) that dictate to the cloud gateway 1540 the handling oftheir content—i.e., how long it is retained, should it beencrypted/compressed, should it be deduplicated, should it be indexedand searchable, should it to be replicated and if so, how many copiesand to where, etc. The cloud gateway 1540 may facilitate the cloudstorage system by allowing for metadata to be specified on a perfile/object basis or on a data container or bucket basis. Further, thesystem permits data to be replicated on demand to selected geographiesbased on access usage patterns, etc.

Cloud Gateway Architecture

FIG. 16 shows a block diagram illustrating a suitable environment forthe cloud gateway 1540 that can include a filer or NAS filer 1505configured to perform data migration to cloud storage sites and othersecondary storage. Some details on suitable systems and methods forperforming data migration using a NAS filer 1505 will now be presented.Further details may be found in the assignee's U.S. patent applicationSer. No. 12/558,640, filed Sep. 14, 2009, entitled DATA TRANSFERTECHNIQUES WITHIN DATA STORAGE DEVICES, SUCH AS NETWORK ATTACHED STORAGEPERFORMING DATA MIGRATION.

While the examples below discuss a NAS filer 1505, any architecture ornetworked data cloud storage site employing the following principles maybe used, including a proxy computer coupled to the NAS filer 1505. Thecomputing system 1600 includes a data storage system 1610, such asstorage operation cell 150. Client computers 1620, including computers1622 and 1624, are associated with users or servers that generate datato be stored in secondary storage. The client computers 1622 and 1624communicate with the data storage system 1610 over a network 1630, suchas a private network such as an intranet, a public network such as theInternet, and so on. The networked computing system 1600 includesnetwork-attached storage, such as the cloud gateway 1540.

The cloud gateway 1540 includes NAS-based storage or memory, such as acache 1644, for storing data received from the network, such as datafrom client computers 1622 and 1624. (The term “cache” is usedgenerically herein for any type of storage, and thus the cache 1644 caninclude any type of storage for storing data files within the NAS filer1505, such as magnetic disk, optical disk, semiconductor memory, orother known types of storage such as magnetic tape or types of storagehereafter developed.) The cache 1644 may include an index or other datastructure in order to track where data is eventually stored (e.g.,location in the cloud), or the index may be stored elsewhere, such as onthe proxy computer. The index may include information associating thedata with information identifying a secondary cloud storage site thatstored the data, or other information. For example, as described indetail below, the index may include both an indication of which blockshave been written to secondary storage (and where they are stored insecondary storage), and a lookup table that maps blocks to individualfiles stored within the cloud gateway 1540.

The cloud gateway 1540 also includes a data migration component 1642that performs data migration on data stored in the cache 1644. Whileshown in FIG. 16 as being within the NAS filer 1505, the data migrationcomponent 1642 may be on a proxy computer coupled to the NAS filer. Insome cases, the data migration component 1642 is a device driver oragent that performs block-level, sub-object-level, or object-level datamigration of data stored in the cache, or a combination of two or moretypes of data migration, depending on the needs of the system. Duringdata migration, the NAS filer 1505 not only transfers data from thecache of the device to one or more cloud storage sites 115A-N located onthe network 1630, but also to other secondary storage locations 1650,such as magnetic tapes 1652, optical disks 1654, or other secondarystorage 1656. Importantly, the cloud gateway 1540 may also retrieve datafrom these other secondary storage devices and transfer it to the cloudstorage sites 115A-N (under ILM or other storage policies). The NASfiler 1505 may include various data storage components that are usedwhen identifying and transferring data from the cache 1644 to thesecondary cloud storage sites 1650. These components will now bediscussed.

Referring to FIG. 17, a block diagram illustrating the components of theNAS filer 1505 component of the cloud gateway 1540, configured toperform data migration, is shown. In addition to the data migrationcomponent 1642 and cache or data store 1644, the cloud gateway 1540 mayinclude an input component 1710, a data reception component 1720, a filesystem 1730, and an operating system 1740. The input component 1710 mayreceive various inputs, such as via an iSCSI protocol. That is, thecloud gateway may receive commands or control data from a data storagesystem 1610 over IP channels. For example, the data storage system 1610may send commands to a cloud gateway's IP address in order to provideinstructions to the NAS filer 1505. The data reception component 1720may receive data to be stored over multiple protocols, such as NFS,CIFS, and so on. For example, a UNIX-based system may send data to bestored on the NAS filer 1505 over an NFS communication channel, while aWindows-based system may send data to be stored on the NAS filer over aCIFS communication channel.

Additionally, the cloud gateway 1540 may include a number of datastorage resources, such as a data storage engine 1760 to direct readsfrom and writes to the data store 1644, and one or more media agents1770. The media agents 1770 may be similar to the secondary storagecomputing devices 165 described herein and may similarly becommunicatively coupled to one or more SS indices (e.g., SS index 261and SS light index 204) and deduplication database 297. The media agents1770 may comprise components similar to those of the secondary storagecomputing devices 165, such as deduplication module 299, contentindexing component 205, network agent 235, media file system agent 240(including cloud storage submodule 236), as described previously. Insome cases, the cloud gateway 1540 may include two or more media agents1770, such as multiple media agents 1770 externally attached to thecloud gateway. The cloud gateway 1540 may expand its data storagecapabilities by adding media agents 1770, as well as other components.

As discussed herein, the cloud gateway 1540 includes a data migrationcomponent 1642 capable of transferring some or all of the data stored inthe cache 1644. In some examples, the data migration component 1642requests and/or receives information from a callback layer 1750, orother intermediate component, within the cloud gateway. Briefly, thecallback layer 1750 intercepts calls for data between the file system1730 and the cache 1644 and tracks these calls to provide information tothe data migration component 1642 regarding when data is changed,updated, and/or accessed by the file system 1730. Further detailsregarding the callback layer 1750 and other intermediate components willnow discussed.

In some examples, the cloud gateway 1540 monitors the transfer of datafrom the file system 1730 to the cache 1644 via the callback layer 1750.The callback layer 1750 not only facilitates the migration of dataportions from data storage on the cloud gateway to secondary storage,but also facilitates read back or callback of that data from thesecondary storage back to the cloud gateway. While described at timesherein as a device driver or agent, the callback layer 1750 may be alayer, or additional file system, that resides on top of the file system1730. The callback layer 1750 may intercept data requests from the filesystem 1730, in order to identify, track, and/or monitor data requestedby the file system 1730, and may store information associated with theserequests in a data structure. Thus, the callback layer storesinformation identifying when a data portion is accessed by trackingcalls from the file system 1730 to the cache 1730.

For example, adding the cloud gateway 1540 described herein to anexisting networked computing system can provide the computing systemwith expanded storage capabilities, but can also provide the computingsystem with other data storage functionality. In some examples, thecloud gateway 1540 not only provides the storage benefits of a NAS filer1505, but also includes a data storage engine (e.g., a common technologyengine, or CTE, provided by Commvault Systems, Inc. of Oceanport, N.J.),or other functionality. For example, the cloud gateway may performvarious data storage functions normally provided by a backup server,such as single instancing, data classification, mirroring, contentindexing, data backup, encryption, compression, and so on. Thus, in someexamples, the cloud gateway described herein acts as a fully functionaland independent device that an administrator can attach to a network toperform virtually any data storage function.

Cloud Gateway for Cloud Storage Sites and Deduplication andPolicy-Driven Data Migration

As described herein, in some examples, the cloud gateway 1540 leveragesblock-level, sub-object-level, or object-level data migration in orderto provide expanded storage capabilities to a networked computingsystem. After selecting data for migration, but prior to data migration,the cloud gateway may perform block-level, sub-object-level, and/orobject-level deduplication using the methods and/or data structuresdescribed previously with respect to FIGS. 1-9. To do so, the cloudgateway 1540 may utilize components or modules within the data storagesystem 1610 (e.g., a deduplication module 299 and/or a deduplicationdatabase 297) and/or utilize components within the cloud gateway itself(e.g., data migration components 1652). In this manner, the cloudgateway may avoid creating unnecessary additional instances of theselected data within secondary storage (e.g., additional instanceswithin cloud storage sites). Additionally, the cloud gateway, may accessand apply storage policies as described previously with respect to thesystem of FIG. 1 to determine to which cloud storage site 115A-N orother cloud storage sites the cloud gateway should migrate the data.

For example, in accordance with a storage policy, the cloud gateway 1540may utilize more expensive cloud storage sites to store criticaldocuments, and less expensive cloud storage site to store personalemails. As another example, the cloud gateway may implement a storagepolicy that specifies that a first type of files should be retained forone year in a first target cloud storage site 115A, that a second typeof files should be retained for seven years in a second cloud storagesite 115B, and that a third type of files should be retainedindefinitely in a third cloud storage site 115N. As yet another example,the cloud gateway may implement a storage policy that specifies that afirst type of files (e.g., secondary disk copies needed for rapiddisaster recovery) be stored only in storage sites 115, including cloudstorage sites 115A-N, that can provide sufficient bandwidth, networkcapacity or other performance to ensure that the time needed to recovera file from the storage device 115 (e.g., cloud storage site 115A-N) isless a specified recovery time objective. As another example, certaindata may be migrated or copied only to cloud storage sites 115A-N havingsufficient fault tolerance; for example, certain data may be migrated orcopied to cloud storage sites that replicate data to various geographiclocations to prevent data loss in the event of a natural disaster orsimilar catastrophic event. For brevity, the full details of suchdeduplication and policy-driven storage methods are not repeated here.

The system can perform file system data migration at a file or blocklevel. Block-level migration, or block-based data migration, involvesmigrating disk blocks from the data store or cache 1644 to secondarymedia, such as secondary cloud storage sites 1650. This migrationprocess works particularly well with large files spanning many blocks,and is described in detail below. While not shown, file level migrationemploys similar processes, but is much simpler. Using block-levelmigration, the cloud gateway 1540 transfers blocks from the cache 1644that have not been recently accessed from secondary storage, freeing upspace on the cache. By tracking migrated blocks, the system can alsorestore data at the block level, which may avoid cost and time issuescommonly associated with restoring data at the file level.

Alternatively or additionally, a cloud gateway 1540 and associatedtechniques described herein may make secondary disk copies to disasterrecovery (DR) locations using auxiliary copy or replicationtechnologies. Additionally or alternatively, a cloud gateway andassociated techniques described herein may be used on copies of datacreated by replication operations such as CDR (Continuous DataReplication) and DDR (Discrete Data Replication).

Referring to FIG. 18, a flow diagram illustrating a routine 1800 forperforming block-level data migration in a cloud gateway 1540 is shown.In step 1810, the cloud gateway, via the data migration component 1642,identifies data blocks within a cache that satisfy a certain criteria.The data migration component 1642 may compare some or all of the blocks(or, information associated with the blocks) in the cache 1644 withpredetermined criteria. The predetermined criteria may be time-basedcriteria within a storage policy or data retention policy.

In some examples, the data migration component 1642 identifies blocksset to be “aged off” from the cache. That is, the data migrationcomponent 1642 identifies blocks created, changed, or last modifiedbefore a certain date and time. For example, the system may review acache for all data blocks that satisfy a criterion or criteria. The datastore may be an electronic mailbox or personal folders (.pst) file for aMicrosoft Exchange user, and the criterion may define, for example, allblocks or emails last modified or changed 30 days ago or earlier. Thedata migration component 1642 compares information associated with theblocks, such as metadata associated with the blocks, to the criteria,and identifies all blocks that satisfy the criteria. For example, thedata migration component 1642 identifies all blocks in the .pst file notmodified within the past 30 days. The identified blocks may include allthe blocks for some emails and/or a portion of the blocks for otheremails. That is, for a given email (or data object), a first portion ofthe blocks that include the email may satisfy the criteria, while asecond portion of the blocks that include the same email may not satisfythe criteria. In other words, a file or data object can be divided intoparts or portions where only some of the parts or portions change.

To determine which blocks have changed, and when, the cloud gateway 1540can monitor the activity of the file system 1730 via the callback layer1750. The cloud gateway may store a data structure, such as a bitmap,table, log, and so on within the cache 1644 or other memory in the NASfiler 1505 or elsewhere, and update the data structure whenever the filesystem calls the cache 1644 to access, update, or change the data blockswithin the cache 1644. The callback layer 1750 traps commands to thecache 1644, where that command identifies certain blocks on a disk foraccess or modifications, and writes to the data structure the changedblocks and the time of the change. The data structure may includeinformation such as the identification of the changed blocks and thedate and time that the blocks were changed. The data structure, whichmay be a table, bitmap, or group of pointers, such as a snapshot, mayalso include other information, such as information that maps file namesto blocks, information that maps sub-objects to blocks and/or filenames, and so on, and identify when accesses/changes were made.

In step 1820, the cloud gateway 1540 transfers data within theidentified blocks from the cache 1644 to a media agent 1770 to be storedin a different data store. The system may perform some or all of theprocesses described with respect to the system of FIG. 1 whentransferring the data to the media agent. For example, beforetransferring data, the system may review a storage policy as describedherein to select a media agent, such as secondary storage computingdevice 165, based on instructions within the storage policy. In step1825, the system optionally updates an allocation table, such as a fileallocation table (“FAT”) for the file system 1730 associated with thecloud gateway to indicate the data blocks that no longer contain dataand are now free to receive and store data from the file system.

In step 1830, via the media agent 1770, the cloud gateway 1540 storesdata from the blocks to a different data store. In some cases, the cloudgateway, via the media agent 1770, stores the data from the blocks to asecondary cloud storage site, such as a cloud storage site 115A-N. Forexample, the cloud gateway may store the data from the blocks insecondary copies of the data store, such as a backup copy, an archivecopy, and so on. Although not shown, prior to storing the data from theblocks to a different data store, the cloud gateway, via the media agent1770, may perform block-level deduplication and/or content indexing,using the methods and data structures described previously with respectto the system of FIG. 1.

Although not shown, prior to storing data from the blocks to a differentdata store, the cloud gateway 1540 may encrypt and/or compress data asdescribed previously with respect to FIG. 3B. The cloud gateway maycreate, generate, update, and/or include an allocation table, (such as atable for the data store) that tracks the transferred data and the datathat was not transferred. The table may include information identifyingthe original data blocks for the data, the name of the data object(e.g., file name), the location of any transferred data blocks(including, e.g., offset information), and so on. The location of thetransferred data blocks may comprise a URL to a file located on cloudstorage site 115A-N. For example, Table 3 provides entry information foran example .pst file:

TABLE 3 Name of Data Object Location of data Email1 C:/users/blocks1-100Email2.1 (body C:/users/blocks101-120 of email) Email2.2http://www.cloudstoragesite.com/companyname/remov1/ (attachment)blocks1-250 Email3 http://www.cloudstoragesite.com/companyname/remov2/blocks300-500

In the above example, the data for “Email2” is stored in two locations,the cache (C:/) and an offsite data store located on a cloud storagesite 115A-N (http://www.cloudstoragesite.com/companyname/). The systemmaintains the body of the email, recently modified or accessed, at alocation within a data store associated with a file system,“C:/users/blocks101-120.” The system stores the attachment, not recentlymodified or accessed, in a separate data store,“http://www.cloudstoragesite.com/companyname/remov1/blocksb 1-250.” Ofcourse, the table may include other information, fields, or entries notshown. For example, when the system stores data to tape, the table mayinclude tape identification information, tape offset information, and soon.

Sub-object-based file migration, or sub-object-based data migration,involves splitting a data object into two or more portions of the dataobject, creating an index that tracks the portions, and storing the dataobject to secondary storage via the two or more portions. The nature ofsub-objects was described previously with respect to the description ofdeduplication module 299. As described above, in some examples the cloudgateway 1540 migrates sub-objects of data (sets of blocks) that comprisea data object from the cache 1644 to another storage location, such asto a cloud storage site. In some cases, the data migration component1642 may include a division component that divides data objects intosub-objects. The division component may perform in a substantiallysimilar fashion to the object division component described previouslywith respect to the deduplication module 299. The division component mayreceive files to be stored in the cache 1644, divide the files into twoor more sub-objects, and store the files as two or more sub-objects inthe cache. The division component may update more or more indexes thatmaintains information to associate particular files with theircorresponding sub-objects for that file, the data blocks of thesub-objects, and soon.

The division component may perform different processes when determininghow to divide a data object. For example, the division component mayinclude indexing, header, and other identifying information or metadatain a first sub-object, and include the payload in other sub-objects. Thedivision component may identify and/or retrieve file format or schemainformation from an index, FAT, NFS, or other allocation table in thefile system to determine where certain sub-objects of a data objectreside (such as the first or last sub-object of a large file). Thedivision component may follow a rules-based process when dividing a dataobject, where the rules may define a minimum or maximum data size for asub-object, a time of creation for data within a sub-object, a type ofdata within a sub-object, and so on.

For example, the division component may divide a user mailbox (such as a.pst file) into a number of sub-objects, based on various rules thatassign emails within the mailbox to sub-objects based on the metadataassociated with the emails. The division component may place an index ofthe mailbox in a first sub-object and the emails in other sub-objects.The division component may then divide the other sub-objects based ondates of creation, deletion or reception of the emails, size of theemails, sender of the emails, type of emails, and so on. Thus, as anexample, the division component may divide a mailbox as follows:

User1/Sub-object1 Index User1/Sub-object2 Sent emails User1/Sub-object3Received emails User1/Sub-object4 Deleted emails User1/Sub-object5 AllAttachmentsOf course, other divisions are possible. Sub-objects may not necessarilyfall within logical divisions. For example, the division component maydivide a data object based on information or instructions not associatedwith the data object, such as information about data storage resources,information about a target secondary cloud storage site, historicalinformation about previous divisions, and so on.

Referring to FIG. 19, a flow diagram illustrating a routine 1900 forperforming sub-object-level data migration in a cloud gateway 1540 isshown. In step 1910, the system identifies sub-objects of data blockswithin a data store that satisfy one or more criteria. The data storemay store large files (>50 MB), such as databases associated with a filesystem, SQL databases, Microsoft Exchange mailboxes, virtual machinefiles, and so on. The system may compare some or all of the sub-objects(or, information associated with the sub-objects) of the data store withpredetermined and/or dynamic criteria. The predetermined criteria may betime-based criteria within a storage policy or data retention policy.The system may review an index with the division component 815 whencomparing the sub-objects with applicable criteria.

In step 1920, the cloud gateway 1540 transfers data within theidentified sub-objects from the data store to a media agent 1770, to bestored in a different data store. The cloud gateway may perform some orall of the processes described with respect to FIG. 1 when transferringthe data to the media agent. For example, the cloud gateway may review astorage policy assigned to the data store and select a media agent basedon instructions within the storage policy. In step 1925, the systemoptionally updates an allocation table, such as a FAT for a file systemassociated with the cloud gateway, to indicate the data blocks that nolonger contain data and are now free to receive and store data from thefile system.

In step 1930, via one or more media agents 1770, the cloud gateway 1540transfers or stores the data from the sub-objects to a different datastore. In some cases, the system, via the media agent, stores the datato the cloud storage sites 115A-N, and/or to secondary storage 1650,such as magnetic tape 1652 or optical disk 1654. For example, the systemmay store the data as secondary copies, such as backup copies, archivecopies, and so on. Although not shown, prior to storing the data fromthe sub-objects to a different data store, the cloud gateway, via themedia agent 1770, may perform sub-object-level or block-leveldeduplication and/or content indexing, using the methods and datastructures described herein.

Data Recovery in Cloud Storage Sites Via Cloud Gateway Device

A data storage system, using a cloud gateway 1540 leveraging theblock-based or sub-object-based data migration processes describedherein, is able to restore not only files, but also portions of files,such as individual blocks or sub-objects that comprise portions of thefiles. Referring to FIG. 20, a flow diagram illustrating a routine 2000for block-based or sub-object-based data restoration and modification isshown. While not shown, file level data restoration employs similarprocesses, but is much simpler. In step 2010, the system, via a restoreor data recovery component, receives a request to modify a file locatedin a cache of a NAS filer 1505 or in secondary storage in communicationwith a cloud gateway. For example, a user submits a request to a filesystem to provide an old copy of a large PowerPoint presentation so theuser can modify a picture located on slide 5 of 200 of the presentation.

In step 2020, the system identifies one or more blocks or one or moresub-objects associated with the request. For example, the callback layer1750 of the system looks to an index or table similar to Table 3,identifies blocks associated with page 5 of the presentation and blocksassociated with a table of contents of the presentation, and contactsthe cloud gateway 1540 that stored or migrated the blocks on secondarystorage.

In step 2030, the system, via the cloud gateway 1540, retrieves theidentified blocks or sub-objects from the secondary storage and presentsthem to the user. For example, the system only retrieves page 5 and thetable of contents of the presentation and presents the pages to theuser. If some or all of the identified blocks or sub-objects werepreviously deduplicated prior to being transferred the secondarystorage, in order to retrieve the identified blocks or sub-objects, thecloud gateway may utilize the media agent 1770, to “rehydrate” thededuplicated data using the methods described previously with respect toFIG. 12.

In step 2040, the system receives input from a user to modify theretrieved blocks or sub-objects. For example, the user updates thePowerPoint presentation to include a different picture. In step 2050,the system transfers data associated with the modified blocks orsub-objects back to the cloud gateway 1540, where it remains in a cacheor is transferred to secondary storage, and updates the table/index.Thus, the system, leveraging block-based or sub-object-based datamigration in a cloud gateway, restores only portions of data objectsrequired by a file system.

For example, a user submits a request to the system to retrieve an oldemail stored in a secondary copy on removable media via a cloud gateway1540. The system identifies a portion of a .pst file associated with theuser that contains a list of old emails in the cache of the cloudgateway, and retrieves the list. That is, the system has knowledge ofthe sub-object that includes the list (e.g., a division component mayalways include the list in a first sub-object of a data object),accesses the sub-object, and retrieves the list. The other portions(e.g., all the emails with the .pst file), were transferred from thecloud gateway 1540 secondary storage. The user selects the desired emailfrom the list. The cloud gateway, via an index in the cache thatassociates sub-objects with data or files (such as an index similar toTable 3), identifies the sub-object that contains the email, andretrieves the sub-object from the associated secondary storage forpresentation to the user. Thus, the cloud gateway is able to restore theemail without restoring the entire mailbox (.pst file) associated withthe user.

As noted above, the callback layer 1750 maintains a data structure thatnot only tracks where a block or sub-object resides on secondarystorage, but also which file was affected based on the migration of thatblock or sub-object. Portions of large files may be written to secondarystorage to free up space in the cache or data store 1644 of the NASfiler 1505. Thus, to the network, the total data storage of the cloudgateway is much greater than that actually available within the cache ordata store 1644. For example, while the cache or data store 1644 mayhave only a 100-gigabyte capacity, its capacity may actually appear asover 20 terabytes, with storage over 100 gigabytes being migrated tocloud-based storage.

System Configurations to Provide Data Storage and Management Software asa Service

Alternatively or additionally, the functionality and components of thesystem described previously may move into the cloud. This solution maybe used for software as a service (“SaaS”), for application serviceproviders (ASPs), or for a managed services provider to host and providedata storage and management as an offering, although it can also easilybe utilized by a large enterprise to build on top of a private networkor cloud. A software as a service (SaaS) model permits a client 130 toutilize a unified and rich set of value-added data management services(e.g. compression, deduplication, content-indexing/search, encryption,etc.) that may be fully independent of which cloud storage providersactually hosting the client's data. It also provides a mechanism for aclient 130 to readily transfer data between various cloud storage sites115 without being tied to a single cloud storage vendor. A software as aservice model also permits clients 130 to utilize data managementservices and cloud storage on a capacity or utilization basis (e.g.,per-gigabyte pricing), without fixed capital expenditures (e.g.,expenditures for a set of vendor-specific cloud boxes or a software orhardware license). Under a SaaS arrangement, administrative functionsmove off-site, since there is no local secondary storage or otherhardware at a client's site and the software (and any software updates)may be pushed to the client 130 as needed and configured on demand.Furthermore, remote monitoring techniques may be employed to furtherreduce administrative overhead of operating SaaS systems. FIG. 21illustrates an example of an arrangement 2102 of resources in acomputing network that may provide data storage software as a service.As shown, in this arrangement 2102, the storage manager 105 andsecondary storage computing devices 165 are in the cloud (e.g.,separated from the clients 130 by a network, such as a public WAN, likethe Internet). The on-premises components need only include one or moredata agents 195 and network client agents 255, which may reside onclients 130. The arrangement 2102 may permit multiple “tenants” to use asingle SAAS system 2102 since the various clients 130 may be associatedwith different entities (e.g., different companies). Data agents 195utilize network client agents 255 (including HTTP client subagents) tocommunicate effectively with the storage manager 105 and secondarystorage computing devices 165 via their HTTP subagents located withinnetwork agents 235.

As described previously, the transport mechanism provided between theHTTP client subagent and HTTP subagents may be cloud-aware andcloud-capable. The HTTP client subagent and HTTP subagents may furtherbe configured to work via firewalls and/or to configure firewallsappropriately. Details regarding managing firewall connections may befound in the assignee's U.S. patent application Ser. No. 12/643,653,filed Dec. 21, 2009, entitled Managing Connections in a Data StorageSystem. Alternatively or additionally, data agents 195 may utilizeproprietary protocol client subagents configured to facilitate a virtualprivate network connection running over an HTTPS protocol, or anothertype of open/secure pipe wrapped in an HTTPS protocol to communicateeffectively with storage manager 105 and secondary storage computingdevices 165 via their proprietary protocol subagents.

In this arrangement, as described previously, media file system agent240 may comprise one or more cloud storage submodules 236 that permitthe media file system agent 240 to open, read, write, close, and deletedata files stored on cloud storage sites and/or otherwise direct cloudstorage sites to perform data storage operations.

In this sample arrangement, an on-premises user controlling only theclient 130 may benefit from all or some of the system functionalitiesdescribed previously (e.g., deduplication, content indexing, searching,archiving of data) and yet remain insulated from the details ofmaintaining and monitoring the data storage architecture on a day to daybasis. Those details may move entirely into the domain of the SaaSprovider or other network-based or cloud-based service provider, andexplained herein.

Object Store

Alternatively or additionally, most or all elements of the systemdescribed previously may move into the cloud and be re-configured toallow a cloud storage provider to utilize the system as a data store,such as an object store 2250 shown in FIG. 22. A large enterprise couldalso use this system to provide cloud storage and data management toclients within the enterprise and/or outside the enterprise. By exposingREST or other web-based interfaces via a web service layer, users canread, write and manipulate data in an object store 2250.

In many respects, the object store 2250 provides similar functionalityto the systems described previously and may provide additional features.An object store 2250 system may provide value-added services such asretention, deduplication, compression, encryption, content indexing andsearch, and collaborative searching. An object store 2250 may alsoprovide tiered storage and information life cycle management services.The object store 2250, like the systems described previously, may alsoutilize other cloud storage sites as target cloud storage sites 115 thatmay be used as additional tiers of storage that provide extensiblestorage capacity.

An operator of the object store 2250 may charge the user of a client2202 and/or associated entities (e.g., the employer of a user, oranother operator or owner of the client 2202) on a subscription basis,volume basis, a mixed subscription/volume basis, or another pricingstructure. For example, an operator may charge a monthly subscriptionfee to a company for unlimited uploads and downloads to an object storeperformed by its associated users or clients, so long as the totalamount of data stored within the data store at any time during a monthdoes not exceed a certain limit.

As another example, an operator may employ a volume pricing scheme andcharge an entity when a user or client that is affiliated with theentity performs various actions using the data store 2250. The operatormay charge an entity a first rate for each unit of data uploaded to thesite, and/or a second rate for each unit of data stored in the site fora unit of time (the rate may vary by the type of data cloud storage siteused to store the data) and/or a third rate for conducting acontent-based search of data stored therein that retrieves informationabout various objects (e.g., file name, user name, content tags), afourth rate for conducting a collaborative search operation upon datastored therein, and/or a fifth rate for each unit of data retrievedand/or restored and served back to a client. As a third example, anoperator may charge a flat monthly subscription fee to keep a user'saccount active and additionally charge one or more volume-based rateswhen the user performs various actions using data store 2250.

FIG. 22 is a block diagram illustrating components of the object store2250. As shown in FIG. 22, the object store 2250 may comprise a storagemanager 105, one or more object server nodes 2208, one or more secondarystorage computing devices 165, one or more deduplication databases 297,and one or more SS indices 261. An object store 2250 may becommunicatively coupled to clients 2202 over a network such as a LAN,MAN, WAN or other network. Clients 2202 may differ from the clients 130shown in FIG. 1 in that they may not run a dedicated data agent 195and/or network client agent 255 configured to communicate with theobject store 2250, but instead communicate using existing client-basedsoftware components, such as LAN protocols (e.g. Ethernet, SCSI, etc.),WAN protocols (e.g., FTP/HTTP), etc. An object store is communicativelycoupled via its secondary storage computing devices 165 to cloud storagesites 115, including various cloud storage sites 115A-N, either via LAN,WAN, etc.

As shown in FIG. 22, each object server node 2208 may comprise an objectserver agent 2210, an ingestion database 2212, and a primary data store2214. An object server agent 2210 may be built on Linux for performanceand to make it economical to scale the number of object server nodes2208 as needed. An object server agent 2210 provides a REST interface orother web-based interface to clients 2202 to write, read, retrieve, andmanipulate data ingested by the object server node 2208, and storedtherein or in associated secondary cloud storage sites 115.

Each object server agent 2210 exposes one or more sub-clients of anobject server node 2208. Sub-clients are containers on which defaultstorage policy parameters may be set to dictate the handling ormanagement of data within that container. Individual object-levelparameters that a user specifies and provides along with a file/objectcould optionally override these defaults parameters. Within eachsub-client, a number of storage sites can be created, each of whichcorresponds to a logical point of data ingestion via the REST interface,and may correspond to a particular cloud storage site (e.g., a URL orweb directory dedicated to a cloud storage site serving a particularcustomer or company). Object store 2250 may maintain a system-level(and/or tiered node-level) file system of all data stored within theobject store 2250 and/or associated storage devices (cloud storage sites115). However, object store 2250 may expose to each particular client(or a particular customer or company) only the subset of the larger filesystem that corresponds to the client's objects (or a customer's orcompany's objects). As described herein, object store 2250 may implementthese effectively separate file systems in part by utilizing AccessControl Lists and/or Access Control Entries.

As an example, a cloud vendor who operates an object store 2250 mightassign an entire sub-client to a Web 2.0 customer, who in turn mightpartition it up into several sites and allocate one to each of itscustomers. More object server nodes 2208 can be added to the system toscale up the capacity of the object store 2250 and its ability torespond to storage operation requests, while still preserving theability to address any given site's namespace in the same way. Theparticular object server node 2208 utilized for the storage of a certainfile may be chosen on the basis of the file type and/or othercharacteristics of the file (e.g. the type of application that createdthe file). Thus, certain object server nodes may be specific to types ofapplications (e.g. text-based applications such as word processingapplications on one node, image-based applications such as digital imageapplications on a second node, audio-based applications on a third node,video-based application on fourth node, etc.) As another example,various object server agents 2210 and/or various sub-clients within anobject server agent 2210 may each be configured to each handle adifferent type of object; for example, a first object server agent 2210may be configured to handle documents, a second object server agent 2210configured to handle email objects, and a third configured to handlemedia objects, such as image files and video.

Object server agents 2210 run a web server (such as an Apache orMicrosoft IIS web server) and expose a REST interface or other web-basedinterface to clients 2202. The object server agents 2210 provide dataingestion or upload points to the object store 2250 for each storagesite within each sub-client. Data ingested from a client 2202 by anobject server agent 2208 may be temporarily stored, cached, or spooledon a primary data store 2214.

An ingestion database 2212 records information about each data objectingested by its associated object server node 2208, such as anassociated URI or other token that identifies the particular dataobject, the sub-client and/or site associated with the object, theclient 2202 and/or user associated with the object, the time the objectwas created within the data store, the location(s) of instance(s) of thedata object within a primary data store 2214 and/or cloud storage sites115, location(s) of deduplication and/or content indexing informationpertaining to the object (e.g., deduplication database(s) 297 or SSindices 261 having related information), metadata (including securitymetadata), default and/or object-level storage policy parameters (suchas parameters affecting retention, security, compression, encryption,and content indexing), and an identifier (e.g., a hash). In someexamples, the ingestion database may also store content informationwithin the ingestion database 2212 to provide content indexingcapability at the object server node. In some examples, the ingestiondatabase 2212 schema comprises tables for sites (e.g. registered sites),security (e.g., document or folder-level security information), objects(or documents), document or object versions, document or object versionaudit information, deleted document or object versions, storagelocations, a document or object cache, and/or archFileReferences. In oneexample, the ingestion database 2212 is implemented using PostgreSQL,but other examples utilize Oracle, OpenLink Virtuoso, or a similardatabase management system.

As described previously, data ingested by the object server agent 2210may be temporarily stored, cached, or spooled on the primary data store2214. In one implementation, an ingestion process at the object servernode 2008 may run on a prescribed schedule (according to a schedulepolicy described previously) to process data stored in primary datastore 2214. Using policy parameters, metadata, and/or other informationstored in ingestion database 2212, the object server node 2208 may formlogical groups of data objects and request that a secondary cloudstorage computing device 165 copy or migrate each logical group of dataobjects into an archive file or other type of secondary storage formatvia a secondary storage computing device 165; each data object in thegroup is stored in association with related metadata (including AccessControl List data and/or other security-related data). Logical groupstypically comprise objects having similar retention policies (e.g.,similar secondary storage media requirements, similar retention times)and/or similar object types (e.g., all objects in the group are emails;all objects were created using the same application). Logical groups maybe formed by applying additional and/or different criteria, such asgroups reflecting specific ingestion site(s), user(s) associated withthe object, or a company or entity associated with the object. Logicalgroupings may also be based on policy parameters provided by a client orcustomer of the object store. Thus, a customer of the object store mayprovide policy parameters that dictate the logical groupings used. Forexample a customer might specify that they want a new logical groupingfor each back-up cycle performed on their data. As another example, acustomer of an object store may specify that they do not want their datacommingled with the data of other customers (e.g. the system mayconsolidate all of that customers data for a particular job or back-upcycle/window to be stored in new containers for that job/cycle/window).In some implementations, an object server node 2208 (or secondarystorage computing device 165) may divide objects into sub-objects (asdescribed previously), form logical groups of data sub-objects, and copyor migrate logical groups of data sub-objects.

As a first example, an object server node 2208 may query an ingestiondatabase 2212 to identify all recently ingested email objects currentlystored in primary data store 2214. Object server node 2209 may thenrequest a secondary storage computing device 165 to process this groupof email objects into an archive file stored on a particular cloudstorage site 115. As another example, an object server node 2208 mayquery ingestion database 2212 to identify all recently ingested objectsthat are to be stored for 7 years on high-quality tape storage. Objectserver node 2208 may then request a secondary storage computing device165 to process this group of objects into an archive file stored on acloud storage site 115 that provides suitable tape storage.

Unless explicitly proscribed by applicable storage policy parameters, anobject server node 2208 may form a logical group that includes dataobjects from various clients 2202, each of whom may utilize a differentcloud storage site and/or may be affiliated with different entities. Inone illustrative example, clients 2202A1, 2202A2 are affiliated with aCompany A and both utilize a first storage site on a first sub-client ofa first object server node 2208. Clients 2202B1 and 2202B2 areaffiliated with a Company B and both utilize a second storage site alsohosted on the first sub-client of the first object server node 2208.Assuming the default storage policy parameters of the first sub-clientspecify that email messages are to be retained on tape for 1 year, thenall email objects ingested from all four of these clients may becommingled in a logical group and then stored in a commingled fashionwithin a single archival tape file scheduled for a one year retentionperiod. The only email objects from these clients that would not be sostored are individual email objects that are associated with differentuser-specified storage policy parameters (e.g., if a user specified thatemails related to or from the finance department should be stored incloud storage (not tape) and/or stored for a 7 year retention period(not a 1 year period)).

In some implementations, when a secondary storage computing device 165receives a request to process a logical group of data objects and themetadata associated with these objects, it may handle the request inaccordance with the process of FIG. 3B. That is, the secondary storagecomputing device 165 may content index each object in the group, performobject-level, sub-object level and/or block-level deduplication on thegroup, and/or encrypt the data and metadata. As a result of theprocessing, the secondary storage computing device 165 will also storeeach of the various objects in logical association with its relatedmetadata (including ACL or other security metadata). During thisprocess, described previously, the secondary storage computing device165 may build indexing information within a content index or anotherindex (e.g., SS index 261) and/or deduplication information (e.g.,within deduplication database 297). By storing objects with similarretention policies in logically grouped archival files, the system mayefficiently prune or eliminate data from the object store 2250 and/ormore efficiently perform ILM within the Object store 2250, since thevarious objects within each archival file may have similar dates fordeletion or migration.

During the deduplication processing of a logical group, the secondarystorage computing device 165 may perform lookups on one, some, or all ofthe deduplication databases 297 within the object store 2250. In oneexample, during deduplication, a secondary storage computing device 165only performs lookups on one deduplication database 297, which maydecrease the time required for deduplication (and/or pruning and/or datarestoration) but increase the volume of data stored within the datastore. In another example, during deduplication, a secondary storagecomputing device 165 performs lookups on all deduplication databases 297within an object store 2250, which may increase the time required fordeduplication (and/or pruning and/or object restoration) but decreasethe volume of data stored within the data store.

Note that deduplication of data objects in a logical group may occuracross clients 2202 and/or across various companies. Returning the priorexample, if client 2202A1 and client 2202B2 (from two differentcompanies) both receive a particular email message and associated largeattachment, secondary cloud storage site 165 may store only one instanceof the email data object and attachment (although it stores andassociates the instance with two different sets of metadata, one set forclient 2202A1 and one set for client 2202B2). Thus, by storing datareceived from multiple clients, even associated with different andindependent companies, the system can realized greater deduplicationover what either client would realize individually. Once cross-client orcross-company deduplication occurs, if a particular client or companyrequests the deletion of a shared object (or shared sub-object orblock), the system will not necessarily delete the physical copy of theshared object (or sub-object or block). Instead, the system may simplyupdate one or more indices or databases such as a deduplication database(e.g., by removing a link, URL or other pointer to a physical copy),delete the file name from a file allocation table (FAT) or similar filesystem data structure, etc. In this way the client or customer who“deleted” the object no longer has access to the object and no longersees the object as part of the file system that is exposed to them bythe object store.

Additionally in this example, under the deduplication processesdescribed previously, even if the two identical email objects wereingested by an object server node 2208 at different times (e.g., a monthapart), when a second copy eventually reaches a secondary storagecomputing device 165, it still might not result in a second instancebeing created. This result occurs because during the deduplicationprocess, a deduplication module 299 on a secondary storage computingdevice 165 might detect an instance of the object in a deduplicationdatabase 297. However, the system may alternatively determine that thefirst version, while identical, is too old and could have been stored onstorage medium that may be degrading, and thus the system may store thesecond version it receives years later.

As described previously, when a media file system agent 240 performs theprocess shown in FIG. 3B it will typically result in the storage of oneor more aggregated or containerized archive files. The individual dataobjects of a logical group are not stored as individual files on a filesystem of a cloud storage site 115. As described previously, bycontainerizing data, the object store 2250 may thus reduce thelimitations posed by file system scalability by reducing the strain onthe namespace of the object store 2250. The generation of these archivefiles also generates catalogs (e.g., deduplication databases 297, SSindices 261, and/or other information) that makes it easier to access,search for, retrieve, or restore a single object even from theaggregated archive form. Further details on archive files may be foundin the assignee's U.S. Patent Publication No. 2008-0229037, filed Dec.4, 2007, entitled SYSTEMS AND METHODS FOR CREATING COPIES OF DATA, SUCHAS ARCHIVE COPIES.

When a client 2202 or application running on a client 2202 checks in orstores an object into an object store 2250, an object server node 2208may serve it a unique Universal Resource Identifier (“URI”) or tokenthat points to or identifies the object, which the client 2202 orapplication may store locally on the client side. This token or URI maybe globally unique to all objects within the object store 2250.Alternatively, it may be unique with respect to all objects stored by asingle client 2202, ingested by a particular object server node 2208,sub-client and/or site, and/or unique with respect to another factor. Inthis way, the URI in conjunction with other information (e.g., a user'slogin information) may still uniquely identify a particular data object.

To provide verification to a user of the integrity of files stored in anobject store 2250, an object store can optionally generate a uniqueidentifier such as a hash (or probabilistically unique identifier) usinga particular identifier-generation algorithm for each data objectingested and return that identifier to a calling application on a client2202 at the time of ingestion. When an application on the client 2202later retrieves the same data object, a client-side application can usethe same identifier-generated algorithm to compute a hash for theretrieved object. If this newly computed identifier matched theidentifier returned during ingestion, it would assure the client thatthe data object had not been modified since it was originally ingested.In addition, an object store 2250 may run similar periodic dataverification processes within the object store 2250 asynchronously toensure the integrity of the data stored therein. Further details may befound in the assignee's U.S. Patent Publication No. 2009-0319534, filedJun. 24, 2008, entitled APPLICATION-AWARE AND REMOTE SINGLE INSTANCEDATA MANAGEMENT.

Optionally, data objects may be ingested inline into multiple archivefiles on separate object server nodes 2208 (for redundancy or otherreasons). Also, in one example, geographically separate replication maybe configured per cloud storage site, which allows the system to serveup objects from a remote location (which may include continuous datareplication technology), for fault tolerance (because separate powergrids, long-haul communication links, etc. would be used), etc.

An object store 2250 may also optionally make a copy of data onremovable media such as tape to enable secure offline storage.Alternatively or additionally, an object store may make secondary diskcopies to disaster recovery (DR) locations using auxiliary copy orreplication technologies as noted herein.

Each site within an object store 2250 may be protected via securitypolicies that limit which users or clients 2202 have access to the site(and/or to particular objects stored within the site). As describedpreviously, a system may include mechanisms to permit authentication(e.g., by the use of registered username and password combinationsand/or similar known authentication methods). A system may also enablecustomers to specify and store access privileges, including privilegesfor object access within the object store 2250. As described previously,user-level security and other metadata may be provided and stored alongwith the object.

For example, an object may be stored with a provided ACL containingAccess Control Entries (“ACE”). An ACL contains a list of users and/orgroups that are allowed to access a data object, type of data object, orresource containing a data object. Each ACE may specify a user, group,or other entity that has access to the data object associated with theACL. In some embodiments, an ACL may contain a list of users or groupsthat are specifically denied access to a data object. To implementuser-level security, when a user, system, or process attempts to accessa data object on an object store 2250 (or related information ormetadata, such as a file name), the object store 2250 may access andparse an ACL and any associated ACEs or other security data related tothe data object to determine whether the user has the appropriate accesslevel to access the object or its related information. Further detailson such security and access control may be found in the assignee's U.S.Patent Publication No. 2008-0243855, filed Mar. 28, 2008, entitledSYSTEM AND METHOD FOR STORAGE OPERATION ACCESS SECURITY.

When an application running on a client 2202 requests the retrieval of adata object stored in the object store 2250, the client may present aURI (or other token) back to the object server node 2208. Before theobject server 2250 returns the data object (and/or provides otherrelated information or metadata to the user, such as the file name ofthe data object), the object server (e.g., via the object server agent2210) may parse the ACL or other security information to confirm thatreturning the object (or providing other information) is in conformancewith the object's security settings and/or previously defined policiesstored in the storage manager. If the user of the client 2202 isproperly authenticated, and the user has sufficient access rights to theobject (as determined by the ACL or other security information stored inconjunction with the object), the user will be able to retrieve the dataobject. In this manner, the object store 2250 ensures sufficient privacybetween various clients 2202A1, despite the fact that their objects maybe commingled in the primary data store 2214 and cloud storage sites115.

A web-based portal may be provided by the object store to readily allowa user to authenticate interactively and browse, view, and restore theirdata as well. For example, a web-based portal may permit a user to logon to the system, and may then present a user with an interface thatpresents to them various data objects associated with the user. Forexample, it may present objects that were ingested from the user'sclient 2202, and/or objects ingested from some clients from the user'sentity, and/or objects associated with a collaborative search in whichthe user is a participant. The interactive interface will also supportsearch capabilities, end-user tagging of data, and the ability toclassify data into folders (“review sets”) for future reference.

Data indexing capabilities, described above, may be incorporated into anobject store 2250 to permit policy-based searches of content or otherinformation relating to data objects, that have been indexed. Such dataindexing and classification permits the object store 2250 to offer“active management” of the data to an administrator of the system. Forexample, an administrator can define the actions to be performed on databased on criteria pertaining to the data—e.g., tag, check into an ECMsystem, restore into a review set for a knowledge worker to reviewlater, etc. In one example, indexing capabilities may also permit usersto conduct collaborative searching and collaborative document managementof objects within the object store 2250 as described previously.

Object Store Methods

In one implementation, an object store 2250 may avoid the system costsassociated with uploading and storing an unnecessarily duplicative copyof an object during a data storage request by a client 2202. FIG. 23shows a first process 2300 for managing a request to store an objectwithin an object store 2250, including apportioning the storage cost ofthe object. The process 2300 may result when a calling application on aclient 2202 requests that an object server agent 2210 store a particularobject.

The process 2300 begins in block 2305 where an object server node 2208receives an identifier (e.g., a token, URI or hash) for an object andmetadata associated with the object (including, e.g., object-levelsecurity, content tags, and/or storage policy parameters). For example,a calling application on the client 2202 may generate a hash identifierfor an object and send that identifier to object store 2250 along withmetadata. At optional block 2310 the object server node 2208 performs alookup of the received identifier in one or more deduplicationdatabase(s) 297 to ascertain whether the object has already beeningested and processed by object store 2250 (or ingested or processed byparticular object server node(s) 2208, particular storage site(s), orparticular secondary storage computing device(s) 165, such as thosesecondary storage computing device(s) 165 associated with a particularobject server node 2208). Alternatively or additionally, an objectserver node 2208 performs a lookup of the received identifier in one ormore ingestion databases 2212 within data store 2250 to ascertainwhether the object has already been ingested by object store 2250 (oringested by particular object server node(s) 2208, particularsub-client(s), or particular storage site(s)). Alternatively oradditionally, the object server node sends the received identifier toone or more cloud storage sites to see if a copy of the object hasalready been stored therein.

At optional decision block 2315, the system uses the informationacquired at block 2310 to determine if the system currently has theobject stored in a manner that is consistent with the storage policyparameters applicable to the object. If it does, the process proceeds toblock 2355, otherwise it proceeds to block 2320. For example, if thesystem has only one copy of the object stored in tape storage, but thecalling application on the client 2202 has specified that the objectshould be stored on disk storage, the process may proceed to block 2320.

If object store 2250 already has the object stored in an appropriatemanner, at block 2355, the object server node 2208 updates deduplicationdatabase 297 to reflect how the new request refers to previously storedblocks. For example, the system may increase reference counts in aprimary block table and may add additional entries to a secondary blocktable within deduplication database 297 to reflect how the new requestrefers to previously stored blocks. In some implementations, the systemmay additionally or alternatively update an object-level deduplicationdatabase 297 (e.g., by incrementing an object-level reference count inan object-level index within the deduplication database).

At block 2355, the object store 2250 may not request a new copy of theobject, saving the time and system cost associated with uploading theobject anew, and may instead simply update a deduplication database 297.For example, if a cloud storage site already has a copy of an objectstored therein, at step 2355, the object store may add a link or URL toa previously stored copy in the deduplication database 297 and/orelsewhere. The process then proceeds to block 2325.

If optional blocks 2305-2315 are not performed by the system, theprocess begins instead at block 2320.

At block 2320, object server node 2208 requests the object from client2202. If object server node 2208 has not already received metadata, italso requests metadata from client 2202 at block 2320. The process thenproceeds to block 2325. Alternatively, if at decision block 2315, theobject server node 2208 determines that the object store 2250 currentlyhas the object in storage, but it is stored in a manner that isinconsistent with applicable storage policy parameters, object servernode 2208 may instead retrieve or request a copy of the object fromanother system component (e.g., a primary data store 2214 or a cloudstorage site 115) and if necessary, request metadata from client 2202.

At block 2325, after receiving the object and/or its metadata, thesystem stores these in the primary data store 2214. If object store 2250already has a copy of the object stored in an appropriate manner, atblock 2325 the system may store one or more pointers, links, orreferences to the object and/or its constituent blocks (e.g., a pointerto a dehydrated instance of the object within object store 2250 or cloudstorage site 115, or a pointer or reference to an entry in adeduplication database 297) in the primary data store 2214 instead ofstoring a copy of the object. At block 2325, an object server node 2208may also generate a URI for the object, update an ingestion database2212 to reflect information about data object (as described previously),and may return a URI or other token to client 2202. Additionally oralternatively, an object server node 2008 may also generate and returnan identifier (e.g., a hash) for the object to provide later validationto the client 2202. Object server node 2208 may also store an identifierfor the object in ingestion database 2212 and/or deduplication database297.

At block 2330, during a scheduled ingestion process describedpreviously, object server node 2208 may associate the object (and itsmetadata) with a logical group of objects (logical groupings aredescribed further herein). Object server node 2208 may further request asecondary storage computing device 165 to process the logical group bycopying or migrating each logical group of data objects into acompressed, deduplicated or “dehydrated” archive file that may employdata structures such as those shown in FIGS. 5 and 8.

At block 2335, a secondary storage computing device 165 performs contentindexing of the object in the manner described previously with respectto FIG. 10. At block 2340, a secondary storage computing device 165performs deduplication of the object using one or more of thededuplication methods and data structures described previously. In oneexample, deduplication may be file or block-level deduplication. Inother examples, the deduplication may be object-level or sub-objectlevel deduplication. During deduplication at block 2340, the system mayperform lookups on or otherwise examine one, several, or alldeduplication databases 297 within object store 2250 to determine thenumber of instances of the object that are currently stored and/or thenumber of instances of each block in the object that are current stored.Thus, the scope of deduplication within an object store 2250 may bequite limited or quite broad. In one example, a deduplication processonly utilizes deduplication databases 297 associated with the sameobject server node 2208 that received or ingested the object. Adeduplication database 297 is associated with an object server node 2208if the deduplication database has any entries reflecting a storageoperation initiated by the same object server node 2208.

At block 2345 the system stores a dehydrated form of the object withinan archive file, which may also comprise data relating to any or all ofthe objects in the logical group. As illustrated previously, the precisedehydrated form of an object within an archive file will depend on thetype of deduplication performed and whether some or all of the object'scontent had previously been stored. For example, if block-leveldeduplication is performed upon the object and a prior instance of theobject was already appropriately archived, the dehydrated form of theobject may be represented within the archive file by metadata and one ormore pointers or similar references. For example, during deduplication,if a cloud storage site already has a copy of an object stored therein,at step 2345, the object store may store in a container file, a link,URL or other pointer to a previously stored copy. If instead,block-level deduplication is performed upon the object but a priorinstance of the object was not already appropriately archived, thedehydrated form of the object within the archive file may comprisemetadata, pointers/references to some blocks stored previously, and newcopies of some other blocks within the object.

At optional block 2360, the system may apportion the cost of storing theobject between one or more clients or their related entities. Statedconversely, at block 2360, the system may attempt to apportion any costsavings resulting from the avoidance of unnecessary storage within thedata store and/or unnecessary uploads to the object store 2250. Forexample, if two different clients 2202 from two different companies bothrequest that an object store 2250 provide storage of the same dataobject, the two companies may receive adjusted pricing for theirrequests to reflect the cost savings realized by the system duringdeduplication. As described previously with respect to FIG. 22, in theevent that some or all of the blocks of the data object were previouslystored appropriately within the storage operation cell 2250, thededuplication at block 2340 may reduce the amount of data needed toprocess a new request to store the same data object. Thus, block 2340may reduce the amount of data storage needed to accommodate a storagerequest. Additionally, if the system performs the optional identifierlookup shown in blocks 2305-2315 and the process proceeds to block 2355,the system avoids the cost of receiving the data object (e.g., ingestionbandwidth of an object server agent 2210 used and/or the systemresources needed to transfer the object into and out of a primary datastore 2214).

To apportion cost savings, the system may utilize or mine the datastored in deduplication databases 297, SS index 261, management index211, and/or ingestion databases 2212. As described previously, thesedatabases correlate client 2202 information with data ingested into andstored by the object store 2250, such as the time of creation,deduplication information, deletion dates, and storage locations. Thus,the system may use these databases to determine which storage requestsinitiated by a particular client 2202 were processed via directingestion of an object from the client 2202, in contrast to thosestorage requests initiated by the client that were able to utilizepreviously stored instances of an object or some of its blocks. Such adetermination permits the system to determine where cost savings haveoccurred. When apportioning costs, the system may utilize a slidingratio that is selected using criteria such as the size of a shared dataobject, the quantity and/or quality of total data stored on the objectstore by a particular company or client, the terms of a service contractor agreement between a particular company and an operator of an objectstore, the storage policy for the company, and/or any other suitablecriteria.

In one example, a first client 2202A associated with a first companyuploads a new object to an object store 2250, and later a second client2202C associated with a second company sends an identifier (hash) of thesame object to the object store and requests storage of that object. Inthis example, a second upload of the object itself may be avoided (i.e.,the process of FIG. 23 proceeds to block 2355) and a second copy of theobject within the object store 2250 may be avoided. In this example, thesystem may initially charge the first company a first non discountedrate for the upload of the object (e.g., a rate based on its size) and asecond non discounted rate for the storage of that object (e.g., a ratebased on the object's size and the duration and quality of storage usedto store it). At a later time, the system may charge the second companya third discounted rate for their requested upload of the object (e.g.,a rate based on its size) and a fourth discounted rate for the storageof that object (e.g., a rate based on the object's size and the durationand quality of storage used to store it).

Additionally or alternatively, the first company may receive a credit orrebate to its account to reflect some or all of the cost savingsrealized from avoiding a second upload; this credit or rebate may be foran amount that is different from (e.g. less than) the second client'sthird rate. Additionally, after the second client requests storage, solong as both the first and second clients have effective access to thedata object (e.g., their “virtual copy” of the object has not beeneliminated due to a retention policy and the client has not requestedits deletion), one or both companies may receive a discounted or reducedstorage rate. For example, the first company may receive a storage ratelower than the second non-discounted rate that was originally charged.

In a second example, a first client 2202A associated with a firstcompany uploads a first object that is new to the object store 2250, andlater a second client 2202C associated with a second company sends anidentifier (e.g., a hash) of a similar second object and requestsstorage of the object. A second object is similar to a first object ifit shares one or more blocks in common with the first object. In thisexample, a second upload of the object itself is not avoided (e.g., theprocess proceeds to block 2320), since the two objects have differentidentifiers. However, block-level deduplication (e.g., at block 2340)may reduce the amount of new data needed to store the second object.After the second client requests storage, so long as both clients haveeffective access to the common blocks (e.g., their “virtual copy” of theblocks has not been eliminated due to retention policies and the clienthas not requested deletion), one or both of the two companies mayreceive a reduced storage rate for the common blocks.

In a third example, cost apportionment is not tied to a particularstorage request, but rather occurs in an aggregated way. For example,the system may periodically (e.g., monthly) determine what percentage ofblocks uploaded directly from a first company's clients 2202 arereferenced by another company's deduplication database entries. Thesystem might then provide a rebate to the first company's account, offerlower rates to the first company for another future period (e.g., thenext month), apportion costs that month between the two companies sothat each company's bill is less that what it would have been if eachhad stored its own copy, etc.

In a second implementation, an object store 2250 may avoid the systemcosts associated with uploading and storing unnecessary duplicate copiesof data blocks when processing a data storage request by a client 2202.FIG. 24 shows a second process 2400 for managing a request to store anobject within an object store 2250, including apportioning the storagecost of the object. The process 2400 of FIG. 24 is similar to process2300 of FIG. 23, however, in process 2400, the system may avoid thecosts associated with uploading redundant blocks, not just redundantobjects, by performing block-level deduplication at substantially thesame time as data ingestion. In this implementation, during process 2400the system may cache or store a logical group of objects in an archivefile stored in the primary data store 2214 that reflects a dehydratedform of the objects (i.e., an archive file that utilizes data structuressimilar to those shown in FIGS. 5 and 8). Later, during a scheduledingestion process, the archive file may be transferred or copied to oneor more secondary cloud storage sites 115.

Alternatively, during process 2400, the object store 2250 may write adehydrated form of data objects directly to an archive file located in asecondary data store 115 by utilizing secondary storage computing device165. As described previously, an archive file may comprise one or morevolume folders 802 that further comprise one or more chunk files 804,805. The chunk folders may further comprise one or more of each of thefollowing: metadata files 806, metadata index files 808, container files810, 811, and container index files 812.

The process 2400 begins at block 2405, where the system receives objectmetadata, identifies a logical group, and identifies an archive file forstoring a dehydrated form of the object. At block 2405, the system mayidentify a logical group for the object by using the received metadata(e.g., reflecting the type of object, the storage policy parameters,and/or security information), and/or other information (e.g., theidentity of the client 2202 making the storage request) to identify alogical group of objects having similar storage policy parameters,similar object types, and/or other similarities. Once a logical group isidentified, the system identifies an archive file utilized by the systemto store the logical group in a dehydrated form. The archive file may belocated in primary data store 2214 or on a secondary cloud storage site115. If a suitable archive file does not already exist in primary datastore 2214 (e.g., because archive files were recently migrated fromprimary data store 2214 to secondary cloud storage sites 115), thesystem may create a new archive file in primary data store 2214 for thelogical group. Alternatively, the system may create a new archive filein a secondary cloud storage site 115 for the logical group.

At optional blocks 2407-2415, the system receives an object identifierand performs a lookup of the object in deduplication database(s) 297 todetermine whether the object store 2250 already has a copy of the objectappropriately stored within the object store. Blocks 2407-2415 areperformed in the same manner as blocks 2305-2315 described previouslywith respect to FIG. 23. If optional blocks 2407-2415 are not performed,the process 2400 proceeds directly to block 2435.

If at decision block 2415 the system determines that object store 2250does have a copy of the object appropriately stored therein, then atblock 2420 the system updates one or more deduplication databases 297 toreflect how the identified archive file refers to previously storedblocks. For example, the system may increase reference counts in aprimary block table. As another example, the system may add additionalentries to a secondary block table within deduplication database 297.For example, if a cloud storage site already has a copy of an objectstored therein, at step 2415, the object store may add in adeduplication database 297 and/or elsewhere, links or URLs to previouslystored blocks. At block 2425, the system may content index the object.To do so, the system may associate the new storage request with contentindexing information previously derived and/or associate the new storagerequest with metadata provided. Alternatively or additionally, thesystem may restore all or part of the data object using the processesdescribed previously and content index a restored data object and/or arestored portion of the data object. The system may store some or all ofthe content index information in the SS index 261 and/or ingestiondatabase 2212. The process then proceeds to block 2430.

At block 2430, the system updates the identified archive file to reflectthe storage request. To do so, the system may (1) add the receivedmetadata to a metadata file (2) add links, references, or pointerswithin the metadata file that point or refer to previously storedblocks, and (3) update a metadata index file. If all of the blocks inthe object were previously stored in an appropriate manner, the systemmay not need to add any additional blocks to a container file. Forexample, if a cloud storage site already has a copy of an object storedtherein, at step 2345, the object store may store in a metadata file,metadata index file, or another container file, links or URLs topreviously stored blocks.

If optional blocks 2407-2415 are not performed or if, at decision block2415, the object store does not have a copy of the object appropriatelystored therein, the process proceeds to the loop shown at block 2450,where the system performs blocks 2440-2470 for each block within theobject. At block 2440, the system receives a block identifier. Atdecision block 2445 the system determines if the system already has anappropriately stored copy of the block by querying one or morededuplication databases 297. During block 2445, the system may performlookups on or otherwise examine one, several, or all deduplicationdatabases 297 within object store 2250 to determine the number ofinstances of the block that are appropriately stored. Alternatively oradditionally, the system sends the received block identifier to one ormore cloud storage sites to see if a copy of the block has already beenstored therein. Thus, the scope of block-level deduplication within anobject store 2250 may be limited or broadened.

If the system does have a copy of the block appropriately stored, thenthe system at block 2450 updates deduplication databases 297 toassociate the current storage request with that block. For example, thesystem may increment a reference count in a primary block table and addan additional entry to a secondary block table. The process thencontinues to block 2455, where the system updates the identified archivefile by (1) adding received metadata to a metadata file and/or (2)adding a link, reference, or pointer within the metadata file thatpoints or refers to a previously stored copy of the block. For example,if a cloud storage site already has a copy of a block stored therein, atstep 2325, the object store may add in a metadata file or anothercontainer file, a link or URL to a previously stored copy. The processthen proceeds to decision block 2470.

If the system does not have a copy of the block appropriately storedtherein, then the system proceeds to block 2460, where the systemrequests a copy of the block from the client 2202. Once the block isreceived, at block 2465, the system stores the block in a container filewithin the identified archive file and otherwise updates the archivefile. For example, the system may update a metadata file 806 with a linkto the newly stored block and with received metadata. The system mayfurther update deduplication databases 297 by adding a new entry to aprimary block table and/or adding an additional entry to a secondaryblock table.

As shown at decision block 2470, the sub-process of blocks 2440-2465repeats so long as there are additional blocks within the object thatrequire processing by the system.

The process 2400 then proceeds to block 2475, where the system contentindexes the object. During content indexing, the system may simply indexthe object using received metadata (e.g., using content tags provided asmetadata by a user). Alternatively or additionally, the system mayrestore all or part of the data object using the processes describedpreviously and content index a restored data object and/or a restoredportion of the data object. The system may store some or all of theindex information in the SS index 261 and/or ingestion database 2212before proceeding to block 2480.

At block 2480, the system updates ingestion database 2212 to reflect theprocessed storage request and received metadata, and returns a URI tothe requesting client 2202.

At optional block 2485, the system may apportion costs among clients ortheir related entities in a manner similar to that described previouslywith respect to FIG. 23. When apportioning costs, the system may utilizea sliding ratio that is selected using criteria such as the size of ashared data object/block, the quantity and/or quality of total datastored on the object store by a particular company or client, the termsof a service contract or agreement between a particular company and anoperator of an object store, storage policy requirements, and/or anyother suitable criteria. In one example, a first client 2202A associatedwith a first company uploads a first object that is new to the objectstore 2250, and later a second client 2202C associated with a secondcompany sends an identifier (e.g., a hash) of a similar second objectand requests storage of the object. The second object is similar to afirst object because it shares a set of blocks in common with the firstobject. In this example, via the process 2400 shown in FIG. 24, a secondupload of the common blocks is avoided. Furthermore, block-leveldeduplication (e.g., at blocks 2440-2465) may reduce the amount of newdata needed to store the second object. In this example, the system mayinitially charge the first company a non discounted first rate for boththe upload of the object (e.g., based on its size) and a non discountedsecond rate for the storage of that object (e.g., based on the object'ssize and the duration and quality of storage used to store it). At alater time, the system may charge the second company a reduced thirdrate for its request to upload the object to reflect cost savingsrealized by avoiding a second upload of common blocks. Additionally oralternatively, the first company may receive a credit or rebate to itsaccount to reflect some or all of the cost savings realized fromavoiding a second upload; this credit or rebate may be for an amountthat is different from the second client's third rate or discount. Afterthe second client requests storage of the second object, so long as bothclients have effective access to the common blocks (e.g., their “virtualcopy” of the common blocks has not been eliminated due to retentionpolicies and the client has not requested deletion of an associatedobject), one or both of the two companies may receive a reduced storagerate for the common blocks.

Process for Cost-Balancing Cloud Storage

FIG. 27 is a flow diagram illustrating a process 2700 for identifyingsuitable storage locations for a set of data objects subject to astorage policy. Process 2700 may be performed by the systems of FIGS. 1,2, 15, 16, 21, and 22 and/or other suitable systems. The process 2700begins at block 2705 when the system accesses the storage policyapplicable to the set of data objects. This storage policy may definedifferent classes of storage devices 115. For example, the storagepolicy might define “first-class storage” as any local storage devicehaving magnetic disk or otherwise faster-access storage media and afirst cloud storage site that satisfies certain criteria (e.g., has highbandwidth for faster uploads and/or downloads and/or utilizes RAID orsimilar methods that improve the fault-tolerance of the site), and“second-class storage” as a second cloud storage site that may havegreater latencies or lower fault-tolerance and any local storage devicehaving magnetic tape or otherwise slower data storage. Additionally, thestorage policy may also define different categories of data objects(e.g. functional categories such as email objects, audio objects, videoobjects, database objects, document objects, etc.) and may requiredifferent classes of storage for each.

At block 2710, the system logically groups the various data objects anddetermines the storage requirements of each group. Typically the systemgroups the set of data objects so that each group requires a particularclass of storage. However, the system may group the various data objectsby any other logical grouping such as groups based around functionalcategories, or to improve the possibility of realizing deduplicationbenefits. The particular grouping used by the system will be chosen toconform to the storage policy. Logical groupings are described ingreater detail herein.

The system may first utilize the storage policy and the management lightindex 245, the management index 211, the SS index 261, the SS lightindex 247, deduplication database 297 and/or metabase 270 to determinethe number of bytes, kilobytes, gigabytes, terabytes or similar unitsrequired to store each individual data object, and any otherrequirements necessary to conform to the storage policy. For example,the system might determine that a particular data object requires 25megabytes of first-class storage. The system may next determine theaggregate storage requirements for each group of data objects. Forexample, the system may determine that a first group of data objectsrequires an aggregate 200 gigabytes of first-class storage and a secondgroup of data objects requires an aggregate 450 gigabytes ofsecond-class storage. The aggregate storage requirements determined bythe system may reflect the effect of deduplication; for example, thesystem may utilize deduplication database 297 to determine the size ofan archive file created in part by block-level deduplication.

The system then performs blocks 2712-2740 for each group of data objectsto determine the appropriate storage location of the various dataobjects in the group. At block 2712, the system identifies the storagedevices 115 (including cloud storage sites 115A-N) that may be suitablyemployed to store the group of data objects. To determine the list ofpotential storage devices 115 (referred to as “candidates”), the systemmay access storage device class definitions in the storage policy. Thesystem may also access data regarding storage devices 115 stored in themanagement index 211, secondary storage computing devices 265 and/orstorage devices 115. For example, if the group of data objects requiresfirst-class storage, the system may query the management index 211 todetermine which local magnetic storage devices 115 have sufficientstorage capacity to accommodate the group of data objects.

At block 2715, the system may transmit a request for quotes to candidatecloud storage sites (which may be operated by independent organizations)identified at block 2712 (or other appropriate types of data storageservice providers accessible via the network). To do so, the system mayinitiate communications via the network agent 235. For example, thesystem will request a quote from each cloud storage site by initiatingan HTTP connection with the cloud storage site and sending the requestvia one or more HTTP messages. This request for quotes may includeinformation such as: the amount of storage space required, a uniqueidentifier associated with the request, an identifier associated with aprior request made or a quote received from the site (e.g., in the caseof a counter offer), information that identifies the system making therequest (or identifies a related entity, such as a billing party), howthe data will be accessed once stored or how often (i.e., accessibilityof data, including desired data transfer rates), a suggested or requiredupload time window or deadline, estimated storage lifetime of theobjects, suggested pricing rate(s), the type of storage medium desired(e.g., tape or optical or magnetic media), maximum pricing rate(s),suggested download, upload, and/or storage pricing rates (and/or apromotional code or similar indicator of a pricing rate package), and/orany other information suitable for requesting a storage quote.

Alternatively, or additionally, the system may obtain estimated storagecosts for one or more cloud storage sites by sending similar requestsfor quotes to one or more third-party sites that provide binding,non-binding and/or informational storage quotes (e.g., a websiteoperated by a data storage dealer-broker or a site that aggregatesinformation regarding cloud storage costs). The format and content ofthe request may be customized to each site and may be dictated by an APIset utilized by a particular cloud storage or third-party site.Alternatively or additionally, the system may estimate the storage costsfor a candidate cloud storage site by accessing historical, projected orother cost information stored within the storage manager 105 orelsewhere in the storage operation cell 150.

At block 2720, the system may receive one or more quotes from one ormore cloud storage and/or third-party sites. For each cloud storagesite, the system may receive no quote, a single quote, or several quotescovering various storage options. Each quote may include informationsuch as: one or more pricing rates, the accessibility of stored data,identifiers or tokens associated with the quote, time windows duringwhich data may be transmitted or retrieved, an acceptance window duringwhich the quote would be honored by the site, etc. The quote may providevarious pricing rates for different types of data operations. Forexample, the quote may specify a first rate for an initial upload to thesite, a second rate for downloads from the site, and a third rate forsearching or accessing the data, a fourth rate for continued storage andmaintenance of the data on the site (e.g., a rate charged for eachgigabyte stored per month), maximum storage space allotted, maximum orminimum storage lifetime; and so forth. The format and content of thequote may be different for each cloud storage or third-party site andmay be dictated by an API set (or similar) utilized by a particularcloud storage or third-party site. The system may perform additionalblocks, such as data extraction, to create a uniform set of data for allof the received quotes.

At optional block 2725, the system may access other historical orprojected data pertaining to storage device candidates, includingoptical, tape or magnetic disk storage device candidates located locallywithin the storage operation cell 150. In some embodiments, the systemmay access historical or projected operating costs of each candidatethat may be stored in management index 211, secondary storage computingdevices 265, or elsewhere in the storage operation cell 150. In stillother embodiments, the system may access data relating to: current orprojected power consumption, current or projected power rates,acquisition cost of the storage devices, mean operating time, meanrepair time, mean data access rates, or similar performance and costmetrics that may be stored in the management index 211, secondarystorage computing devices 265 or elsewhere.

At block 2730, the system may evaluate the cost of storing the group ofdata objects on some or all of the storage device candidates (the“storage cost”). The storage cost associated with a particular storagedevice may refer simply to the estimated monetary expense associatedwith uploading the group of data objects to the storage device and/ormaintaining it there for its estimated lifetime (or other time period).

Alternatively or additionally, the “storage cost” of a certain storagedevice candidate may refer more generally to the value of a numericalcost function that may take into account several variables.Non-exclusive examples of cost function variables include: historical orprojected information pertaining to storage device candidates; anyquoted pricing rates; the amount of storage required; the network loadassociated with uploading and/or downloading the data to a site;projected data access costs; other accessibility metrics; sitereliability, quality or reputation; geographical location of acandidate; mean operating time; mean repair time; mean data accessrates; or similar performance and cost metrics. Some of these variablesmay be a single value variable, still others may be set or matrixvariables. In some embodiments, the system may evaluate or calculate oneor more storage related metrics as described in the commonly assignedU.S. patent application Ser. No. 11/120,662, now U.S. Pat. No.7,346,751, entitled “SYSTEMS AND METHODS FOR GENERATING ASTORAGE-RELATED METRIC”, U.S. application Ser. No. 11/639,830, filedDec. 15, 2006, entitled “System and method for allocation oforganizational resources”, U.S. application Ser. No. 11/825,283, filedJul. 5, 2007, entitled “System and method for allocation oforganizational resources”, which are hereby incorporated herein in theirentirety. which is hereby incorporated by reference in its entirety.Such storage metrics may also be utilized as variables within a costfunction.

The system may evaluate a cost function as follows. First, the systemmay mathematically transform the cost function variables to create asecond set of intermediate variables (e.g., to normalize the variables).Each variable may be subjected to a different transformation. Thetransformations may be a linear transformation (including an identitytransformation) or non-linear transformation. The transformations mayalso be invertible or non-invertible transformations. Non-exhaustiveexamples of transformations include:

-   -   scaling the variable (by a constant);    -   raising the variable to a power;    -   taking a logarithm of the variable;    -   applying a ceiling or floor mapping to the variable (i.e.,        quantization);    -   reducing a set variable to its mean value, variance or other        moment.        The transformation applied to a cost function variable may also        merge a number of these suitable transformations. Second, the        system may evaluate the cost function by mathematically        combining the various intermediate variables. The combination        may be a linear combination or a non-linear combination.        Non-exclusive examples of combinations include any polynomial of        the intermediate variables, including a simple summation of the        various intermediate variables. Often, a cost function is a        weighted summation of various cost function variables.

The system evaluates the same cost function for each storage devicecandidate and each group of data objects. However in other embodiments,the system may utilize different cost functions for different groups ofdata objects. In still other embodiments, the system may utilizedifferent cost functions for different types of storage devices (e.g.,there may be one cost function for optical media devices, another fortape media devices, and yet another for cloud storage sites). The costfunction(s) and their associations with particular groups or storagemedia types may be defined in the storage policy or elsewhere.

At block 2735, the system compares the costs associated with the variouscandidate storage devices. For example, the system compares thesevarious costs to identify one or more candidates (“identified devices”or “sites”) having an associated cost that is lower than the othercandidates. If more than one storage site is identified, the system maydivide the group of data into one or more subgroups, and associate eachwith an identified site. However, in some embodiments, the system mayalso compare these costs to make other types of determinations. Forexample, the system may select identified sites using criteria otherthan minimizing associated cost. As another example, the system maycompare the costs to ensure that at least one candidate satisfies aparticular criteria, such having an associated cost that falls below aspecified maximum value (that may be defined in the storage policy).Depending on the results of these determinations, the system may repeatsome or all of blocks 2710-2735 using different quote parameters,different groupings, and/or different cost functions and/or may takeother actions such as notifying an administrator. For example, in someembodiments, the system may repeat block 2715 by making another round ofquote requests to some cloud storage sites that includes lower suggestedor maximum rates (counteroffers to the first set of quotes).

At block 2740, the system may transmit instructions to the jobs agent220 (or other component) regarding the identified storage location ofthe group of data objects (or if the group has been subdivided, theidentified storage location of each subgroup of data objects). Forexample, the system transmits instructions to the jobs agent 220 tomigrate or transfer the data objects of the group or subgroup to itsidentified storage location. In some embodiments, the system may alsotransmit other information to the jobs agent 220 regarding themigration/transfer of the data objects. For example, the system maytransmit a token or other identifier associated with a winning quoteand/or may transmit information regarding the schedule of datamigration/transfer. In some embodiments, the system may instead instructa secondary storage computing device 265 or other system componentregarding the identified storage location of a group or subgroup of dataobjects.

Process for Scheduling Cloud Storage Requests

FIG. 28 is a flow diagram illustrating a process 2800 for schedulingcloud storage requests received from auction clients; the process 2800may be performed by an auction service component (not shown) formingpart of a cloud storage site 115A-N or any other suitable system (e.g.,a component of a cloud storage brokerage site). An auction client may bea component of a storage manager 105, a secondary storage computingdevice 165, or any other device seeking cloud storage. For simplicity,the process refers to requests for an upload of data from an auctionclient (or related device) to a cloud storage site 115A-N; however,auction clients may make requests for any type of cloud storageoperation that requires system resources from a cloud storage site(e.g., downloading data or searching the contents of stored data).

In this process 2800, the auction service evaluates requests fromauction clients to upload data to the cloud storage site. The auctionservice may respond to some or all auction clients with a quote fortheir requested upload (“a quoted job”). Those requests that do notreceive a quote in response may be queued for additional evaluationlater (“queued requests”). If a quote is accepted by an auction client,the upload may be added to a list of “scheduled jobs.” Once a job isscheduled, other components within the cloud storage site (e.g., fileservers) may accept the associated upload during its scheduled uploadwindow.

The process 2800 begins at block 2805, when the auction servicedetermines the current system capacity and applicable quotationpolicies. In particular, auction service may access capacity policies,scheduled or quoted jobs, queued requests, quotation policies, and/orother information about system capacity and pricing. A “capacity policy”is generally a data structure or other information source that includesa set of preferences and other criteria associated with allocatingsystem resources. The preferences and criteria may include, the systemresources (e.g., data transfer volume or bandwidth) available forauction during specified periods, scheduled maintenance windows, and thecurrent storage capacity available on particular servers or devices. Theauction service may also determine the system resources required forjobs already scheduled or quoted. Using this information, the auctionservice may determine the available system resources available forproviding new quotations.

The auction service may also access a quotation policy. A “quotationpolicy” is generally a data structure or other information source thatincludes a set of preferences and other criteria associated withgenerating a quote in response to auction client requests. Thepreferences and criteria may include, but are not limited to: a revenuefunction; a pricing function; pricing rate tables; codes and schedulesassociated with marketing promotions; a list of preferred and/ordisfavored auction clients; current system capacity; classes or qualityof storage; retention policies; upload time periods; datacharacteristics; compression or encryption requirements; the estimatedor historic cost of storage, including the cost of power. A “revenuefunction” is generally a description of how the auction service maynumerically evaluate the projected revenue (and/or other benefits) thatwould be generated by one or more auction client requests. A “pricingfunction” is generally a description of how the auction service maygenerate the various values (e.g., pricing rates) associated with aresponsive quote.

At block 2810, the auction service may receive one or more new requestsfrom auction clients seeking cloud storage. The request may includevarious information such as: a unique identifier that the auction clienthas associated with the request; an identifier associated with a priorrequest made or a quote received from the site (e.g., in the case of acounter offer); information that identifies the auction client makingthe request (or identifies a related entity, such as a billing party);the amount of storage space desired; how the data will be accessed oncestored (e.g., accessibility of data, including desired data transferrates); suggested or required upload window; estimated storage lifetimeof data; the type of storage medium desired (e.g., tape or optical ormagnetic media); suggested download, upload, and/or storage pricingrates (and/or a promotional code or similar indicator of a pricing ratepackage); and/or any other information suitable for requesting cloudstorage. The format and content of the request will typically conform toa specified API or similar convention employed by the auction service.

Although not shown, during block 2810, the auction service mayauthenticate each of the requests and/or auction clients to ensure thateach request is from a valid auction client. This authentication mayhappen via any acceptable method, including the use of passwords orsecurity certificates. Those requests that cannot be authenticated maybe discarded by the auction service without further consideration.

At block 2815, the auction service evaluates queued and new requests(collectively the “pending requests”) and generates responsive quotes.To do so, the auction service may first identify those requests thateither (1) do not satisfy minimum requirements specified by thequotation policy, or (2) cannot be accommodated due to a lack of systemresources. Typically, the auction service will reject such requests byremoving them from the list of pending requests. However, the auctionservice may also (1) send a quote with terms different from thoserequested (e.g., with higher rates or with a different scheduled uploadwindow) in order to conform to the quotation policy, (2) send anexplicit rejection of the request to the auction client, (3) queue therequest for later evaluation, and/or (4) take another appropriateaction.

At 2815, the auction service may next identify which remaining pendingrequests should receive quotes and generate quotes. The auction servicewill apply the preferences and criteria specified in the quotationpolicy described previously to determine which “winning” requests shouldreceive responsive quotes. In some embodiments, the auction service willchoose the set of requests that results in a maximum combined value of arevenue function. Those pending requests that do not receive quotes willtypically be queued by the auction service for later evaluation, but theauction service may also (1) send an explicit rejection of a request tothe auction client, (2) remove it from the list of pending requests,and/or (3) take another appropriate action.

For each winning request, the auction service will generate a responsivequote. Quotes generated may specify: the unique identifier that theauction client has associated with the request; various pricing ratesfor different types of data operations (e.g., a first rate for aninitial upload to the site, a second rate for downloads from the site,and a third rate for searching or accessing the data, a fourth rate forcontinued storage and maintenance of the data on the site (e.g., a ratecharged for each gigabyte stored per month)); maximum storage spaceallotted; maximum or minimum storage lifetime; the accessibility ofstored data; time windows during which data may be transmitted to thesite or retrieved; etc. Each quote will typically include a token orother identifier associated with the quote and may specify an acceptancewindow during which the quotation will be honored by the site. Theauction service generally applies the preferences and criteria specifiedin the quotation policy described previously (including a pricingfunction) to determine the values given in the quotes. For example, thepricing function may require the auction service to specify upload andstorage rates associated with a marketing promotion, even if the clientrequest proposed higher pricing rates. However, in some embodiments, theauction service may simply utilize in its quote some or all of thevalues proposed in the request.

At block 2820, the auction service sends a copy of the generated quotesto auction clients. In response, each auction client may send anotherrequest (e.g. a “counteroffer”), may send an indication of acceptance ofthe quote and/or may take no action in response.

At block 2825, the auction service may receive an indication ofacceptance of one or more quotes. For each accepted quote, the auctionservice may add the associated upload to the list of scheduled jobs sothat other system components will accept the upload. For example, theauction service only adds an upload to the list of scheduled jobs if theacceptance is received within the specified acceptance window. If theacceptance is received outside of this window, the auction service maytreat the acceptance as it would a new request and repeat some or all ofthe previous blocks.

Process for Encrypting Files within Cloud Storage

As described previously with respect to FIG. 3B, when a system migratesor copies data to secondary storage, including secondary cloud storage,the system may encrypt the data before or after a secondary copy orarchival copy is created. When data is encrypted prior to migrating orcopying data to secondary storage, the encryption enhances the “at-rest”security of files stored within a cloud storage site 115A-N, by reducingthe risk of unauthorized access to the files' content. In suchimplementations, it may be desirable to store encryption keys (and/orother information necessary to decrypt files) within the storageoperation cell 150, not within the cloud storage site 115A-N used tostore the encrypted files. In this way, even an operator of a cloudstorage site may not breach the security of an encrypted file. If localencryption occurs within the storage operation cell 150 prior to copyingor migrating data to a cloud storage site 115A-N, the encryption keys orsimilar encryption information may easily be stored within storageoperation cell (e.g., within a local index or database of the storageoperation cell or a different storage device 115). Alternatively, iflocal encryption is performed within a storage operation cell 150, thestorage operation cell 150 may “scramble” encryption keys and store thescrambled keys with the encrypted files. This method provides some levelof protection against intrusions, even intrusions by the operator of acloud storage site. Further details may be found in U.S. PatentPublication No. US2008-0320319A1 referenced above.

In some circumstances, however, decrypted files may be stored within acloud storage site 115A-N without first encrypting the files within thestorage operation cell 150. In such circumstances, it may be desirableto later encrypt the files stored on the cloud storage site to protectthose files thereafter.

FIG. 29 illustrates a process 2900 for encrypting files stored within acloud storage site 115A-N. The process may be performed by cloud storagesubmodule 236, or any other suitable system component. The processbegins at block 2910, when cloud storage submodule 236 receives arequest to encrypt a file located on a target cloud storage site. Forexample, cloud storage submodule 236 may receive an indication of whichtarget files within a target cloud storage site should be encrypted.Cloud storage submodule 236 may also receive an indication of whichencryption method should be utilized, one or more encryption keys and/oradditional information.

At block 2915, cloud storage submodule 236 determines if the type ofencryption method requested is supported by the API provided by theoperator of the target cloud storage site 115A-N. If it is not, theprocess proceeds to block 2940. Otherwise, the process 2900 proceeds toblock 2930, where cloud storage submodule utilizes the mapping describedherein to generate vendor-specific API calls to encrypt the originalfile. The process then returns.

If the target cloud storage site API does not support the desired typeof encryption, the process 2900 proceeds instead to block 2940. At block2940, cloud storage submodule 236 utilizes its mapping described hereinto generate and send a vendor-specific API call to download the file tothe cloud storage submodule, or another component of the storageoperation cell 150. At block 2945, the downloaded file is encryptedlocally (e.g., by a component of storage operation cell 150 configuredto perform encryption, such as a secondary storage computing device165). At block 2950 cloud storage submodule utilizes its mappingdescribed herein to generate and send vendor-specific API calls tooverwrite the original file with an encrypted version. For example,cloud storage submodule may utilize vendor-specific API calls that openthe original file for writing, write the contents of the encryptedversion of the file to the original file, and close the original file.Alternatively, cloud storage submodule 236 may utilize vendor-specificAPI calls to create a new file on the target cloud storage site 115A-N,write the contents of the encrypted version of the original file to thenew file, close the new file, and delete the original file.

Protecting Remote Office and Branch Office (ROBO) Data

In one example, the systems described herein may be utilized to protectremote office and branch office (ROBO) data. In some implementations, asubset of clients 130 may be “remote clients” who are geographicallyseparated from other components of an associated storage operation cell150. Remote clients 130 may only be connected to other components of anassociated storage operation cell 150 via a WAN such as the Internet dueto a physical separation between the remote client 130 and other systemcomponents. One intuitive example of a remote client 130 is a laptopcomputer utilized by a traveling employee: when the employee istraveling, she will be geographically separated from their company'smain storage operation cell 150.

In such implementations, a remote client 130 may include a media filesystem agent 240, including a cloud storage submodule 236, to permitdata agents 195 on the remote client to directly write data to a cloudstorage site 115A-N (e.g., over a network connection established by anHTTP client subagent). For example, in this manner a remote client 130may directly mirror data to cloud-based storage for disaster recoverypurposes and/or to comply with other system-level data retentionpolicies. In accordance with system-wide storage and schedulingpolicies, other system components (e.g., jobs agent 220) may instruct aremote client 130 regarding when and how to perform a remote storageoperation. Additionally, a remote client 130 may provide informationregarding a storage operation made in this manner to other systemcomponents, so that those system components may update the varioussystem-wide indices and databases to reflect the storage operation. Forexample, client 130 may provide storage manager 105 with informationthat is sufficient for storage manager 105 to update management index211, management light index 245, SS index 261, SS light index 247, anddeduplication database 297.

In such implementations, the system may avoid routing data slated forcloud storage through a secondary storage computing device 165, therebyconserving system resources (e.g., the bandwidth of a secondary storagecomputing device). Such implementations preserve the ability of thestorage cell 150 to perform upon all data, including data generated byremote clients 130: policy-driven storage, ILM, content indexing, datarestoration, and searching.

In some implementations, a group of clients 130 may be geographicallyseparated from most of the system components of an associated storageoperation cell 150 but may not be geographically separated from one ormore locally accessible secondary storage computing devices 165. Forexample, a group of clients (e.g. a group of clients associated with aparticular branch office of a company) may be connected to a locallyaccessible secondary storage computing device 165 over a LAN, but may beconnected to other components (e.g. storage manager 105, storage devices115, other secondary storage computing devices 165) only over a WAN likethe Internet. In such implementations, the group of clients 130 may copyor migrate data to a locally accessible secondary storage computingdevice, which may in turn write this data to a cloud storage site 115A-Nin accordance with applicable system-wide storage and schedulingpolicies.

Thus the locally accessible secondary storage computing device 165 maymirror data from a branch office directly to cloud-based storage fordisaster recovery purposes and/or to comply with other data retentionpolicies, without first routing that data over a WAN to other systemcomponents. Additionally, a locally accessible secondary storagecomputing device 165 may provide information regarding a storageoperation made in this manner to other system components, so that thosesystem components may update the various system-wide indices anddatabases to reflect the storage operation. For example, a locallyaccessible secondary storage computing device 165 may provide storagemanager 105 with information that is sufficient for storage manager 105to update management index 211, management light index 245, SS index261, SS light index 247, and deduplication database 297. Suchimplementations preserve the ability of the storage cell 150 to performupon all data, including data generated by remote clients 130:policy-driven storage, ILM, content indexing, data restoration, andsearching.

Alternatively or additionally, a group of clients may be connected to alocally accessible cloud gateway 1540 over a LAN, but may be connectedto other system components only over a WAN. In such implementations, thelocally accessible cloud gateway 1540 may provide the same functionalityof a locally accessible secondary storage computing device 165 describedin this section, in addition to other cloud gateway functionalitydescribed herein.

CONCLUSION

IT organizations continue to deal with massive unstructured data growth,stronger regulatory requirements and reduced budgets. To meet the needsof more stringent data retention requirements and faster RTO's, manyusers have over provisioned low-cost disk storage which, combined withnon-integrated data management products, creates inefficient storageinfrastructures resulting in high operating costs. In fact, many datacenters have reached a limit where there is no power or real estate leftto continue expanding.

Today's IT organizations are struggling to keep pace with multiplefactors that are starting to severely impact the ways that they protect,manage and recover their business-critical data, data that isincreasingly located in remote offices and on user laptops/desktops,outside of core IT facilities. Relentless, ongoing data growth acrossthe enterprise, often growing at 30-50% per year ensures that somestorage teams are looking at a doubling of capacity requirements every18 months. Increased government regulation around data retentionpolicies adds to the burden, often requiring that critical data be keptfor years or even decades. Further, many IT organizations worldwide arebeing forced to justify not only incremental spending, but also justifytheir existing expenses and/or headcount in the face of potential budgetcuts.

Cloud storage sites represent an increasingly viable option to managethe growing bodies of data. They promise lower costs through betterutilization and management of the underlying storage infrastructure.Cloud-based storage also eliminates the need to buy lots of sparecapacity in anticipation of future storage growth, enabling companies to“pay as you grow”. Further cloud-based storage enables IT organizationsto minimize investment in new Data Center capacity, and extends the lifeof their existing investment in both building and computinginfrastructure.

However leveraging cloud-based storage can be challenging for someorganizations for a variety of reasons. First is the inherent complexityassociated with managing two sets of infrastructure, one physical andon-premise and another online in the virtual storage cloud. Thisduplication of effort extends across a number of crucial aspects of datamanagement including: Backup, Archive, Reporting and search/eDiscovery.There are challenges often associated with taking full-advantage ofcloud-based storage. The first is complexity associated with moving datainto and out of the cloud. Gateway appliances are often expensive,complex and represent a short-term fix that can aggravate infrastructuremanagement challenges as the use of cloud-based storage grows. A relatedconcern is the amount of data being moved to and managed within cloudstorage. This not only impacts the ongoing service charges, which areoften priced on a per-GB basis but also impacts the ability to meetbackup windows over limited bandwidth. Data security and reliability arecritical both from a data integrity perspective as well as to ensurethat a company's critical data is not accessed by unauthorized parties,even including individuals working for a cloud-storage provider.Further, companies don't want to be locked in to a single vendor when itcomes to data stored in the cloud. So data portability becomes critical,along with the ability to choose from among a variety of providers forspecific performance and pricing requirements.

The systems herein permit policy-driven storage that defines what datastays on-premise and what moves to the cloud. Storage policies mayconsider “data value” determined from factors such as (a) accessrequirements, (b) latency requirements, and (c) corporate requirementsincluding: how recently was the data accessed, how often was the datarequired over a given time period, such as the last 12 months, how manyend-users/applications required access to the data in the last 12months, how quickly will the data need to be restored, what downstreamapplications/processing are dependent on the data, whether the dataneeds to be identified and pulled in/put on Legal Hold for an eDiscoveryrequest, whether the data contains corporate trade secrets or IP,whether the data might be considered highly sensitive (e.g., legalcommunication, or social security numbers).

The systems and methods described herein provide integrated datamanagement platforms that address a wide variety of data managementneeds. The systems and methods herein may deliver unified datamanagement from a single console. When combined with cloud storage, aseemingly unlimited storage pool, these systems and methods may offerusers lower operating costs, ensure disaster recovery, while improvinglong-term compliance management.

The systems described herein provide a unified data management platformthat may be built on a single codebase or as a unified application, withmodules or agents for backup and recovery, archive, replication,reporting, and search/eDiscovery. These systems may provide automated,policy-based data movement from local, deduplicated copies into and outof cloud storage environments—all from the same centralized console.This incremental approach to data management may permit organizations toleverage the economics of cloud-based storage.

The systems and methods described herein may result in various otherperformance advantages. For example, these systems and methods mayreduce administrative and storage overhead for infrequently-accesseddata in a data center by automatically tieringolder/infrequently-accessed data in a data center to more efficient,lower-cost cloud-based storage, freeing up existing capacity toaccommodate ongoing data growth.

Integrated deduplication ensures that unique (or semi-unique) datasegments are stored “in the cloud”, minimizing costs associated withredundant data across backups and archive. Block-based datadeduplication and replication reduce network bandwidth requirements tominimize network costs and backup windows. Deduplication also reducesongoing storage costs up to 75%, minimizing operational expenses acrossthe entire lifespan of the data being retained

The systems described herein may permit a better data encryptionapproach to meet applicable requirements. A user may protect datastarting from the source with in-stream encryption, and then extendencryption to data “at-rest”. This ensures that not only is a userprotected during data migration, but also from unwarranted access ofdata already on the cloud. Because the data encryptions are controlledby a company's IT team, data is safe even from unintentional access by acloud storage providers' IT staff.

By providing encryption of data in-flight and at-rest data, the systemsand methods help protect data, even from cloud storage site operators.Built-in data encryption and verification technology ensures data hasbeen securely and safely written to the cloud without errors. Encryptionof data at-rest helps ensures that only appropriate personnel have fullaccess to readable data, no matter where it's stored.

The systems herein are designed to work with a wide variety of storagepartners, both physical and a growing number of cloud-based storageproviders. Today these include Amazon's S3, Microsoft Azure, NirvanixSDN with upcoming support for Iron Mountain and Rackspace. This openapproach ensures that additional cloud-storage vendors will continue tobe added in the future to increase the choices available.

The systems described herein may deliver a seamless solution fordata-aware movement into cloud storage to help reduce overall complexityand costs. Lack of a native cloud-storage connector often requirescomplex scripting, adding both time and risk to moving data into thecloud. Using gateway appliances can present an ongoing and growingmanagement burden as cloud-storage use increases. An integrated approachsuch as that described herein eliminates the costs and risk associatedwith either approach. Integrated data management of both local storageand cloud storage from a single console minimizes administrativeoverhead and the need for specialized gateway appliances. The systemsdescribed may also be readily configured to support an expanding list ofindustry-leading cloud providers to provide flexibility and choice forhow to host cloud-based data immediately and in the future. Nativeintegration with REST/HTTP protocols seamlessly extends data managementto the cloud without the need for scripting or specializedvendor-specific gateway appliances.

A highly efficient platform automates the movement of data acrosssystems from a variety of storage vendors, and across different types ofstorage devices including disk, tape, CAS, VTL, optical—and now cloudstorage. By integrating these functions together, users can leverage oneinterface to manage one data management suite across a virtual sharedstorage environment. Moving data into and out of the cloud using thesystems herein is as easy as moving data between any 2 data storagetiers. For existing users, this can be done in as little as 3 steps:choosing one or more cloud-storage sites, setting up a storage servicesimilar to what a user would do to add disk-based storage, and addingthe new cloud-based storage to existing backup and/or archive policiesand data paths.

As data management expands to beyond a physical infrastructure, and intothe cloud, legal and reporting requirements continue to grow as well.The systems described herein may offer at least four key benefits forsearch/eDiscovery:

1. Indexes of all data retained can be kept on-premise. This enables auser to retain control of the most critical and sensitive aspects ofinformation management, and ensures that content indexes are accessibleonly to designated personnel within an organization.

2. Since the indexes are searchable locally, there is no latency withregards to data that may be retained in the cloud over a number of yearsor even decades. This reduces the amount of time and data required by acompany's legal and/or IT teams.

3. Only the specific data required for eDiscovery requests is restoredback from the cloud. This saves on bandwidth, the time needed for datarestore and minimizes the data retrieval costs charged by acloud-storage vendor.

4. Global indexing of all relevant data, from the Data Center to remotesites, mobiles users and cloud-based data. This ensures that a companyhas a global view of all their data, so that a company can also avoidthe legal and financial risks associated with incomplete responses toeDiscovery requests

Integrated content indexing done prior to tiering to the cloud, ensuresthat administrators can do fast searches on a local index and retrieveonly specific data that meets the search criteria.

A variety of data reduction techniques can also be used to minimize theamount of data sent to the cloud, and minimize the cloud-based capacityusage. Block-based deduplication reduces backup and archive times anddata volumes by filtering out redundant data before it reaches thecloud. This can be done in a data center or even at remote sites,depending on the system configuration. Additional data managementapproaches such as incremental backups and data compression at thesource can further reduce the amount of data in-transit and at-rest.

As data volumes continue to increase, many companies find themselvesbumping up against the capacity, cooling or power limitations of theirexisting data centers. Meanwhile they're now required to keepevery-growing amount of data as mandated by their corporate legal staff,acting under the aegis of governmental regulation. This 3-way balancingact between capacity, compliance and cost requires a flexible approachto data management that requires a multi-tier approach that extends tocloud-based storage. The systems described herein may be used for anend-to-end approach to tiering a combination of data from within thedata center, from remote offices and from individual employeesworldwide.

A second use case of the described systems centers around protectingdata outside of the Data Center and storing it in the cloud. Thisenables the central IT team to control the movement and management ofdata along with defining the appropriate data retention and recoverypolicies.

Data from remote offices (and even end-users/employees if configured)can be backed up directly to cloud-based storage, eliminating the needto migrate the data to the data center first, and then migrating thedata again to the cloud. In other cases, data may be mirrored tocloud-based storage for Disaster Recovery purposes as well for long-termdata retention. As data ages past retention requirements it can beautomatically deleted in the cloud, creating ongoing savings in capacityutilization charges.

Because data is managed just the same as if were stored in a core datacenter, Storage Reporting and Management (SRM) can be easily used tomonitor, analyze and monitor data across the enterprise regardless ofwhether it stored in the cloud, in a core data center or in remoteoffices or other locations.

The systems and methods described herein may provide the followingbenefits and features, inter alia:

-   -   Ensuring data security when: data is in transit, both to and        from the cloud and when data is at-rest (including security from        service-provider personnel).    -   Portability, by permitting a user to easily move data back from        the cloud if required, and to move data quickly between        cloud-based storage providers, to improve price and performance.    -   Restoring data quickly and directly from any physical or        cloud-based storage tier.    -   Configuring data management policies so that most frequently        accessed data is more easily and quickly retrieved when        required.    -   Matching network bandwidth capacities to data's RTO (recovery        time objective) requirements.    -   Archiving data to the cloud, including setting up automated        retention and deletion policies.    -   Easily configurable global reporting of all data (physical and        in-the-cloud).    -   Easily and securely extending cloud-based data management to        include search/eDiscovery.

Unless the context clearly requires otherwise, throughout the detaileddescription and the claims, the words “comprise,” “comprising,” and thelike are to be construed in an inclusive sense (i.e., to say, in thesense of “including, but not limited to”), as opposed to an exclusive orexhaustive sense. As used herein, the terms “connected,” “coupled,” orany variant thereof means any connection or coupling, either direct orindirect, between two or more elements. Such a coupling or connectionbetween the elements can be physical, logical, or a combination thereof.Additionally, the words “herein,” “above,” “below,” and words of similarimport, when used in this application, refer to this application as awhole and not to any particular portions of this application. Where thecontext permits, words in the above Detailed Description using thesingular or plural number may also include the plural or singular numberrespectively. The word “or,” in reference to a list of two or moreitems, covers all of the following interpretations of the word: any ofthe items in the list, all of the items in the list, and any combinationof the items in the list.

The above Detailed Description of examples of the invention is notintended to be exhaustive or to limit the invention to the precise formdisclosed above. While specific examples for the invention are describedabove for illustrative purposes, various equivalent modifications arepossible within the scope of the invention, as those skilled in therelevant art will recognize. While processes or blocks are presented ina given order in this application, alternative implementations mayperform routines having blocks or steps performed in a different order,or employ systems having blocks in a different order. Some processes orblocks may be deleted, moved, added, subdivided, combined, and/ormodified to provide alternative or subcombinations. Also, whileprocesses or blocks are at times shown as being performed in series,these processes or blocks may instead be performed or implemented inparallel, or may be performed at different times. Further any specificnumbers noted herein are only examples. It is understood thatalternative implementations may employ differing values or ranges.

The various illustrations and teachings provided herein can also beapplied to systems other than the system described above. The elementsand acts of the various examples described above can be combined toprovide further implementations of the invention. Some alternativeimplementations of the invention may include not only additionalelements to those implementations noted above, but also may includefewer elements.

All patents and applications and other references noted above, includingany that may be listed in accompanying filing papers, are incorporatedherein by reference in their entireties. Aspects of the invention can bemodified, if necessary, to employ the systems, functions, and conceptsincluded in such references to provide further implementations of theinvention.

These and other changes can be made to the invention in light of theabove Detailed Description. While the above description describescertain examples of the invention, and describes the best modecontemplated, no matter how detailed the above appears in text, theinvention can be practiced in many ways. Details of the system may varyconsiderably in its specific implementation, while still beingencompassed by the invention disclosed herein. As noted above,particular terminology used when describing certain features or aspectsof the invention should not be taken to imply that the terminology isbeing redefined herein to be restricted to any specific characteristics,features, or aspects of the invention with which that terminology isassociated. In general, the terms used in the following claims shouldnot be construed to limit the invention to the specific examplesdisclosed in the specification, unless the above Detailed Descriptionsection explicitly defines such terms. Accordingly, the actual scope ofthe invention encompasses not only the disclosed examples, but also allequivalent ways of practicing or implementing the invention under theclaims.

1. A system to provide cloud-based data management services, wherein thesystem is communicatively coupled to multiple client computers via atleast one network, and wherein the system is communicatively coupled tomultiple cloud storage sites, the system comprising: an object servernode, including a secondary storage computing device, configured tocreate, on multiple, different cloud storage sites, secondary copiesfrom logical groups of data objects, wherein the object server nodefurther comprises— an object server agent configured to: receive dataobjects from the multiple client computers; and provide a web-basedinterface to the multiple client computers to permit the multiple clientcomputers to write, read, retrieve, and manipulate the data objectsreceived by the object server agent and stored as secondary copies ofthe data objects on the cloud storage sites; a data ingestion databaseconfigured to record information about each data object received by theobject server agent from the multiple client computers, wherein therecorded information for each data object includes two or more of thefollowing: a unique token or universal resource identifier thatidentifies the data object; a client computer or a user from which thedata object was received; a sub-client identifier that identifies alogical container and associated storage policy parameters that dictatehandling or management of data objects within the logical container; alocation of an instance of the data object within the multiple cloudstorage sites; a location of deduplication information pertaining to thedata object; and a cryptographically unique identifier for the dataobject; and wherein the secondary storage computing device is furtherconfigured to perform at least one of the following operations beforecopying the logical group of data objects to at least one of the cloudstorage sites— content indexing each data object in the logical group;performing deduplication on the data objects in the logical group; andencrypting the data objects in the logical group; wherein the objectserver node provides a REST interface for the multiple client computers;wherein the object server node includes a first set of networkconnections to the multiple client computers, wherein the multipleclient computers lack a dedicated data agent or network client agentconfigured to communicate with the object server node, but the multipleclient computers instead communicate with the object server node usingstandard client-based communication components including existing localarea network (LAN) protocols or existing wide area network (WAN)protocols, and wherein the object server node includes a second,different set of network connections to the multiple cloud storage sitesusing existing LAN protocols or existing WAN protocols.
 2. The system ofclaim 1, further comprising: a primary data store configured totemporarily cache data objects received by the object server agent fromthe multiple client computers; and wherein the data ingestion databaseincludes information regarding a location of the data object within theprimary data store, and a time the data object was received by theobject server agent.
 3. The system of claim 1 wherein the object servernode includes multiple sub-clients that represent logical containersassociated with separate customers or separate client computers, andwherein the object server node includes a file system to track all dataobjects stored by the object server node at the multiple cloud storagesites, but the object server node, via access control lists or accesscontrol entities, exposes to each separate customer or client computeronly a subset of the data objects belonging to that separate customer orclient computer.
 4. The system of claim 1 wherein the object server nodeincludes multiple sub-clients that represent logical containers, andwherein at least some sub-clients include multiple logical storage sitesthat each correspond to a logical data ingestion point for at least someof the multiple client computers, and correspond via a URL or webdirectory, to one of the multiple cloud storage sites, and wherein theone cloud storage site is a cloud storage site logically reserved forproviding data storage resources to a particular customer or company. 5.The system of claim 1 wherein the object server node includes multiplesub-clients that represent logical containers, wherein each logicalcontainer includes associated storage policy parameters that describehandling or management of data objects within the logical container. 6.The system of claim 1 wherein the system includes another object servernode, wherein each object server node stores data objects having certainfile types or file characteristics, wherein the file types or filecharacteristics are selected from the group consisting of: text-basedapplication files, image-based application files, audio-basedapplication files, and video-based application files.
 7. The system ofclaim 1 wherein the system includes another object server node, whereineach object server node stores data objects having certain file types orfile characteristics, wherein the file types or characteristics areselected from the group consisting of: documents, email objects, andmedia objects.
 8. A method for managing a storage request from arequesting client computer to store a data object by an object storesystem, wherein the object store system is communicatively coupledbetween the client computer and one or more cloud storage sites via atleast one network, the method comprising: receiving a request to storethe data object, and receiving an identifier for the data object andmetadata associated with the data object; determining one or morestorage policy parameters applicable to the data object; based on thereceived identifier, determining if the system currently has the dataobject stored in a manner consistent with the storage policy parametersapplicable to the data object, and— if the system currently has the dataobject stored in a manner consistent with the storage policy parametersapplicable to the data object, then: updating a deduplication databaseto associate previously stored blocks with the received request to storethe data object, storing the received metadata, and storing in a localdata store one or more references to at least one of: (1) a stored copyof the data object, and (2) constituent blocks that form a stored copyof the data object; if the system does not currently have the dataobject stored in a manner consistent with the storage policy parametersapplicable to the data object, then: requesting a copy of the dataobject from the client computer, receiving a copy of the data object,and storing the received data object and metadata in the local datastore; aggregating the data object and the received metadata stored inthe local data store into a logical group of data objects, wherein thelogical group of data objects include additional data objects from thelocal data store, and wherein the additional data objects are logicallyrelated to the logical group; and directing storage of the logical groupof data objects, as a secondary copy, within the one or more cloudstorage sites.
 9. The method of claim 8, wherein when the system doesnot currently have the data object stored in a manner consistent withthe storage policy parameters applicable to the data object, then:performing content indexing of content within the data object; andencrypting or compressing the data object.
 10. The method of claim 8,further comprising: performing deduplication of the data object usingone or more of the following deduplication methods: block-leveldeduplication, and sub-object-level deduplication; and directing storageof the logical group of data objects into an archive file within aspecified one of multiple cloud storage sites.
 11. The method of claim8, further comprising: when the system currently has the data objectstored in a manner consistent with the storage policy parametersapplicable to the data object, then updating a deduplication database toassociate previously stored blocks with the received request to storethe data object.
 12. The method of claim 8, further comprising: charginga user of the client computer, or an entity associated with the clientcomputer, for the data storage request on a subscription basis, a volumebasis, or a mixed subscription/volume basis.
 13. The method of claim 8,further comprising: charging a user of the client computer, or an entityassociated with the client computer, for the data storage request basedon periodic subscription fees for unlimited number or size of datauploads and downloads, so long as a total amount of data stored at anytime during the period does not exceed a certain limit.
 14. The methodof claim 8, further comprising: charging an entity when a user or clientcomputer affiliated with the entity performs various actions includingat least three of: a first rate for each unit of data received ordirected to be stored at the one or more cloud storage sites; a secondrate for each unit of data stored at the one or more cloud storage sitesduring a unit of time; a third rate for conducting a content-basedsearch of data stored at the one or more cloud storage sites and thatretrieves information about data objects stored therein; a fourth ratefor conducting a collaborative search operation upon data objects storedat the one or more cloud storage sites; and a fifth rate for each unitof data retrieved or restored and served back to the client computer.15. The method of claim 8, further comprising: when the system currentlyhas the data object stored in a manner consistent with the storagepolicy parameters applicable to the data object, then apportioning acost of storing the data object between one or more of the following:the requesting client computer, a different client computer, an entityassociated with the requesting client computer, and an entity associatedwith a different client computer.
 16. The method of claim 8, furthercomprising: determining that the system currently does have the dataobject stored in a manner consistent with the storage policy parametersapplicable to the data object, but that the stored object is older thana threshold, and then: requesting a copy of the data object from theclient computer, receiving a copy of the data object, and storing thereceived data object and metadata in the local data store, wherein thereceived metadata includes one or more of the following: object-levelsecurity information, content tags, and storage policy parameters. 17.The method of claim 8, further comprising: deduplicating data objectsreceived from first and second different companies; receiving anddirecting storage of a particular data object from the first companywithin the one or more cloud storage sites; thereafter receiving fromthe second company the particular data object for storage; only storingone or more references to at least one of: (1) a stored copy of theparticular data object, and (2) constituent blocks that form a storedcopy of the particular data object; receiving from the first company arequest to delete the particular data object; and updating one or moreindices to no longer associate the particular data object with the firstcompany, but not deleting the particular data object until the secondcompany requests deletion of the particular data object.
 18. A systemfor managing a storage request from a requesting client computer tostore a data object that comprises multiple blocks, wherein the systemis communicatively coupled between the client computer and at least onecloud storage site, the system comprising: means for receiving a requestto store a data object, wherein the data object includes metadataassociated therewith; means for identifying a logical group for thereceived data object, wherein the means for identifying identifies thelogical group based at least in part on the metadata received with thedata object and a storage policy having storage policy parameters, andwherein the logical group aggregates for storage data objects sharing acommon characteristic; means for determining, based on acryptographically unique identifier for the data object, whether a copyof the data object is already stored in an archive file, wherein thearchive file is stored within a cloud storage site; means for updatingat least one of a deduplication database and the archive file when acopy of the data object is already stored in the archive file; means forperforming block level deduplication of the data object when a copy ofthe data object is not already stored in the archive file; and means forupdating an ingestion database to reflect at least the storage requestand received metadata.
 19. The system of claim 18 wherein the means forperforming block level deduplication further comprises: means fordetermining if a copy of each block in the data object is already storedin accordance with the storage policy parameters; means for updating adeduplication database to associate the current storage request with areceived block identifier, and for updating the archive file by adding areference within the archive file that refers to a previously storedcopy of the block, when the system already has a stored copy of a block;and means for requesting a copy of a block associated with the blockidentifier, for receiving the requested block, for storing a copy of thereceived block within the archive file, and for updating thededuplication databases when system does not already have a stored copyof a block.